gentoo-hardened June 2008 archive
Main Archive Page > Month Archives  > gentoo-hardened archives
gentoo-hardened: [gentoo-hardened] ptrace and gdb

[gentoo-hardened] ptrace and gdb

From: <julien.thomas_at_nospam>
Date: Sat Jun 14 2008 - 00:39:32 GMT

Good afternoon.

I would like to be able to trace the slapd daemon (slapd_t type) with gdb, and more
precisely to interact with it.

However, when i perform the attach command of gdb, I get a ptrace: Permission denied. with no avc log ...

I added the following authorization but it seems to be not enough. the process gdb and slapd have to the following types :

system_u:system_r:slapd_t 5930 ? Ssl 0:00 /usr/lib/openldap/slapd
root:sysadm_r:sysadm_t 5818 pts/0 S+ 0:00 gdb

  • additional SELinux module module gbd_attach 1.0 ;

require{ type slapd_t; type sysadm_t; class file {execute getattr read} ; class process {signal ptrace transition noatsecure rlimitinh siginh getsched
setsched getsession getpgid setpgid getcap setcap}; }

allow slapd_t sysadm_t:process {signal ptrace}; allow sysadm_t slapd_t:process {noatsecure rlimitinh siginh transition getsched setsched getsession getpgid setpgid getcap setcap };


Best regards,
Julien Thomas


My RSA public key for email authentication is available at and on the PGP server (id 0x43E623F5)

My (google) calendars (for meeting arrangement) Thesis : Personnal (only disponibility) :

-- mailing list