Wanted: small C program to drop all capabilities but cap_sys_ptrace

Shachar Shemesh shachar at shemesh.biz
Wed Sep 29 10:39:43 CDT 2010

On 29/09/10 16:53, Scott Ritchie wrote:
> Unfortunately the default behavior can only be set globally, so that
> leaves me with:
> 1) make installing the package cause the global change
> 2) the above idea
> 3) do nothing
> I'm not sure which is worse, although I know doing nothing breaks a lot
> of apps.  The long term solutions are described at the bug however.
> It would be rather nice if there were a cap_sys_ptrace that were at
> least restricted to other processes owned by that user...

What do other packages that depend on ptrace do? In particular, what 
does strace do?

I'd ask about fakeroot-ng, but it's in universe, and I'm the "upstream" 
maintainer (read - Debian), so I'm fairly sure that's just broken, but 
do have a look at that too.


Shachar Shemesh
Lingnu Open Source Consulting Ltd.

More information about the wine-devel mailing list