From: russell@coker.com.au (Russell Coker)
Date: Sun, 12 Feb 2017 19:54:42 +1100
Subject: [refpolicy] [PATCH] deny_ptrace
In-Reply-To: <CAPuKSJbZsB5dbjJfM7++zgYvSg14mqNMGCc6cY3U6cHU1QREQg@mail.gmail.com>
References: <20170212071657.blofqcpbffwf74pl@athena.coker.com.au>
	<CAPuKSJYLS3GsdhO=Wo2n=rzMBU_7047KN6zVryNOk-Zh9asLYA@mail.gmail.com>
	<CAPuKSJbZsB5dbjJfM7++zgYvSg14mqNMGCc6cY3U6cHU1QREQg@mail.gmail.com>
Message-ID: <8514297.Z2nPYE4hM1@russell.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sunday, 12 February 2017 3:34:06 PM AEDT Jason Zaman via refpolicy wrote:
> https://github.com/TresysTechnology/refpolicy/blob/master/policy/modules/rol
> es/sysadm.te#L10
> 
> Refpolicy already has this but reversed. Refpolicy prefers to ship with all
> booleans disabled so it's allow_ptrace instead of deny_ptrace.
> 
> Adding more places is probably good tho if they're missing then you can
> drop anything custom in Debian's packages

Thanks for the quick response.  I've dropped that patch from Debian, I'll look 
into extending allow_ptrace later.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/