[suspend] [patch 3/3] attach-fail-reasons: SELinux deny_ptrace
Tom Tromey
tromey@redhat.com
Thu Mar 8 16:43:00 GMT 2012
>>>>> "Jan" == Jan Kratochvil <jan.kratochvil@redhat.com> writes:
Jan> On Tue, 06 Mar 2012 07:17:39 +0100, Jan Kratochvil wrote:
>> and here is the last bit for new SELinux 'deny_ptrace':
>> https://bugzilla.redhat.com/show_bug.cgi?id=786878
Jan> FYI going to keep this patch off-trunk for a while as 'deny_ptrace' is not
Jan> going to restrict PTRACE_TRACEME. Therefore the GDB patch no longer has to
Jan> protect against failing PTRACE_TRACEME. This does simplify the GDB patch.
Jan> I will wait till the SELinux kernel 'deny_ptrace' restrictions settle down.
I wonder whether ptrace-hardening approaches other than SELinux still
have restrictions on PTRACE_TRACEME. If so then you may want a similar
patch anyhow.
Tom
More information about the Gdb-patches
mailing list