• 1
Hey Dan,

Thanks for the post. I'm running F16 (and CentOS 6 on some servers at work). They both have a boolean "allow_ptrace" and it's set "off" on both systems (F16, CentOS 6.2). But I can still strace other processes. What gives (I wish booleans were better documented...)?

David Klann

I originally thought about extending allow_ptrace, but I thought I had better just create a new boolean and remove the old. allow_ptrace only effected confined users. But since hardly anyone used confined users, I thought I needed a better way to describe the feature.

semanage boolean -l

Gives you a description of what the booleans allow.

sesearch -A -C | grep deny_ptrace

Will give you an idea of what is allowed/denied depending on the settings of the deny_ptrace boolean.

  • 1

Log in