Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote:

[...]

> To a first approximation, simply auditing the distribution for anything
> that opens files or reads information from the network and forbidding
> them ptrace access (and denying ptrace access from any existing confined
> domains except, maybe, staff_t) seems like it would get us most of the
> way to option 4 without breaking existing user expectations. What am I
> missing that makes this infeasible?

That would leave just "Hello, world!" style programs (as long as they
aren't in some way localized, like the GNU version is).

--
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                    Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria             +56 32 2654239
Casilla 110-V, Valparaiso, Chile 2340000       Fax:  +56 32 2797513

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel