From: russell@coker.com.au (Russell Coker) Date: Sun, 12 Feb 2017 19:54:42 +1100 Subject: [refpolicy] [PATCH] deny_ptrace In-Reply-To: References: <20170212071657.blofqcpbffwf74pl@athena.coker.com.au> Message-ID: <8514297.Z2nPYE4hM1@russell.coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sunday, 12 February 2017 3:34:06 PM AEDT Jason Zaman via refpolicy wrote: > https://github.com/TresysTechnology/refpolicy/blob/master/policy/modules/rol > es/sysadm.te#L10 > > Refpolicy already has this but reversed. Refpolicy prefers to ship with all > booleans disabled so it's allow_ptrace instead of deny_ptrace. > > Adding more places is probably good tho if they're missing then you can > drop anything custom in Debian's packages Thanks for the quick response. I've dropped that patch from Debian, I'll look into extending allow_ptrace later. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/