2012/4/9 Daniel J Walsh <dwalsh@xxxxxxxxxx>
On 04/09/2012 11:11 AM, Frank Ch. Eigler wrote:Ok, I guess I will have to fix this, and propose that we turn it on by default
>
> dwalsh wrote:
>
>> I thought I made this clear in my blogs and the feature page that I
>> wanted this on deny_ptrace on by default. [...]
>> https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace
>
> The version of this page that you last edited [1] (and presumably as seen
> by FESCO) had this blurb:
>
> The deny_ptrace boolean will deny all processes even the unconfined_t
> domain from being able to ptrace other domains. Because of this it will be
> optional and turned off by default
>
> which seems easy to interpret as the opposite of "deny_ptrace on by
> default".
>
> [1]
> https://fedoraproject.org/w/index.php?title=Features/SELinuxDenyPtrace&oldid=268413
>
> - FChE
in Fedora 18.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Maybe if deny_ptrace remains turn on by default already from F17 is good, i think. Because of two reasons primarily:
- Many "Fedora normal users" still don't know because SELinux is important, you image if someone be worried how to turn on a its boolean.
- Although someone is interested to it, will think that it is not as important if disabled on default.
Also:
- If this feature is turned off by default, less feedbacks will come back from comunity.
In any case i will advice to active it if necessary.
My two cents. :)
Regards.
--
Antonio Trande
"Fedora Ambassador"
mail: mailto:sagitter@xxxxxxxxxxxxxxxxx
Homepage: http://www.fedora-os.org
Sip Address : sip:sagitter AT ekiga.net
Jabber :sagitter AT jabber.org
GPG Key: 19E6DF27
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
