Hello! > The real fix is really to use a LSM for custom jails. Trying to make > ptrace secure is trying to make a sieve wather tight by plugging the individual > holes one by one. It's simply not suitable for this. As long as the set of syscalls which are permitted is trivial, it should be secure and much easier than writing a custom LSM. Regardless, having working strace would be nice. Have a nice fortnight -- Martin `MJ' Mares <mj@xxxxxx> http://mj.ucw.cz/ Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth "Never send to know for whom the bell tolls: it tolls for thee." -- John Donne -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html