On 04/09/2012 05:06 PM, Matthew Garrett wrote: > On Mon, Apr 09, 2012 at 04:55:27PM -0400, Daniel J Walsh wrote: > >> And guess what I use these tools, and I just execute setsebool >> deny_ptrace 0 anytime I need to strace or debug an application, then I >> turn it back on when I am done. > > Are we able to determine that strace or gdb have been explicitly started by > the user rather than from some more confined application? > We already block ptrace from almost every confined domain other then user domains. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
