4.15. Disabling ptrace()

download PDF
The ptrace() system call allows one process to observe and control the execution of another process and change its memory and registers. This call is used primarily by developers during debugging, for example when using the strace utility. When ptrace() is not needed, it can be disabled to improve system security. This can be done by enabling the deny_ptrace Boolean, which denies all processes, even those that are running in unconfined_t domains, from being able to use ptrace() on other processes.
The deny_ptrace Boolean is disabled by default. To enable it, run the setsebool -P deny_ptrace on command as the root user:
~]# setsebool -P deny_ptrace on
To verify if this Boolean is enabled, use the following command:
~]$ getsebool deny_ptrace
deny_ptrace --> on
To disable this Boolean, run the setsebool -P deny_ptrace off command as root:
~]# setsebool -P deny_ptrace off


The setsebool -P command makes persistent changes. Do not use the -P option if you do not want changes to persist across reboots.
This Boolean influences only packages that are part of Red Hat Enterprise Linux. Consequently, third-party packages could still use the ptrace() system call. To list all domains that are allowed to use ptrace(), enter the following command. Note that the setools-console package provides the sesearch utility and that the package is not installed by default.
~]# sesearch -A -p ptrace,sys_ptrace -C | grep -v deny_ptrace | cut -d ' ' -f 5
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.