Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?
On 04/09/2012 08:22 PM, Daniel J Walsh wrote:
On 04/09/2012 02:15 PM, Miloslav Trmač wrote:On Mon, Apr 9, 2012 at 4:58 PM, Daniel J Walsh<dwalsh@xxxxxxxxxx> wrote:One suggestion I have heard is to turn the feature off if someone install gdb like we do with DrKonji, which might be a better solution then disabling by default.
It would be very surprising if merely installing a package changed the security configuration that is not directly related to the files installed by the package. Mirek
Right, although this is about compromise. I want the feature for as many users as possible.
We know, believe me... Do you want to know what *users* want?
If I have it on, I will hit 90% of the installed SELinux Base. If I turn it off by default I will hit< 1 % of the installed SELinux Base. If I compromise I can get 50 % of the installed base to use it.
Poor installed base....
People do not tend to change the defaults when it comes to security other then loosening it.
People also tend to remove handcuffs at every opportunity they get. I wonder why. -- vda -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel