Comment 1 for bug 1653347

John Johansen (jjohansen) wrote : Re: [profile] netstat(8): ptrace and many DENIED messages (target=*).

The denial messages like
  target=B00280F4B00280F

are caused by a kernel bug in reporting the profile name of the target of the ptrace.

In general, ptrace operations are controlled by both capability and ptrace rules. This is because within the kernel, ptrace calls into the capability code, and hence the capability hook, without the security system having context of the reasons (semantics) for the capability request. So you will need the capability rule.

Yes, netstat will also need a file rule like you described as it will walk parts of the proc filesystem as that is how it obtains information about the network connection.
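
An added example, not part of the original comment and not AppArmor project code: a small Python triage that sorts denial lines into the three rule classes mentioned above (capability, ptrace, file) and marks a ptrace target as unreliable when it is an unquoted value that does not decode to a printable name. The log lines are constructed, and both the field layout and the unquoted-hex heuristic are assumptions.

```python
import re

# Constructed sample audit lines, not taken from the bug report; only the
# target value on the first line is the one quoted in the comment above.
SAMPLE_LOG = """\
audit: type=1400 audit(1483000001.100:101): apparmor="DENIED" operation="ptrace" profile="/bin/netstat" pid=4242 comm="netstat" target=B00280F4B00280F
audit: type=1400 audit(1483000001.101:102): apparmor="DENIED" operation="capable" profile="/bin/netstat" pid=4242 comm="netstat" capability=19 capname="sys_ptrace"
audit: type=1400 audit(1483000001.102:103): apparmor="DENIED" operation="open" profile="/bin/netstat" name="/proc/4100/fd/" pid=4242 comm="netstat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1483000001.103:104): apparmor="ALLOWED" operation="open" profile="/bin/netstat" name="/proc/net/tcp" pid=4242 comm="netstat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Map each key=value field to (value, was_quoted)."""
    fields = {}
    for m in FIELD.finditer(line):
        quoted = m.group(2) is not None
        fields[m.group(1)] = (m.group(2) if quoted else m.group(3), quoted)
    return fields

def decode_hex_name(value):
    """Return the printable text behind a hex-encoded value, or None."""
    try:
        text = bytes.fromhex(value).decode("ascii")
    except ValueError:  # odd length, non-hex digits, or non-ASCII bytes
        return None
    return text if text.isprintable() else None

def classify(line):
    """Return (rule_class, detail) for a DENIED line, else None."""
    f = parse(line)
    if f.get("apparmor", ("", True))[0] != "DENIED":
        return None
    op = f["operation"][0]
    if op == "capable":
        return ("capability", f["capname"][0])
    if op == "ptrace":
        value, quoted = f.get("target", ("", True))
        # Assumption: an unquoted value is hex-encoded by the audit code.
        name = value if quoted else decode_hex_name(value)
        return ("ptrace", name or "<unreliable target>")
    if "name" in f:
        return ("file", f["name"][0] + " " + f["denied_mask"][0])
    return ("other", op)

def rules_needed(log):
    """Distinct (rule_class, detail) pairs across all DENIED lines."""
    return sorted({c for c in map(classify, log.splitlines()) if c})
```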