Linux – Can't run programs under strace

linux, strace

I'm trying to run this simple program, ls, under strace and it wouldn't let me. Can you guys think of why this would be the case?

[jeffjose@skipper ~]$ strace ls
strace: ptrace(PTRACE_TRACEME, ...): Permission denied

I'm on Fedora 17b, and my shell is tcsh. I can provide more info, if needed.

UPDATE: Christopher points out that there's a bug report on this. He also suggests that I tweak SELinux or disable it. Is that the only way? What does this mean? What am I doing if I do that? Can someone elaborate and answer that? I'll choose that as the correct answer for my query. Thanks!

UPDATE2: I was doing some debugging using gdb and this came up again. Lucky for me, what needs to be done was clearly mentioned there.

warning: the SELinux boolean 'deny_ptrace' is enabled, you can disable this process attach protection by: (gdb) shell sudo setsebool deny_ptrace=0

I was able to make strace run without any trouble. But what does this mean? What did I just do?

Best Answer

SELinux (Security-Enhanced Linux) is for hardening servers; running it on your desktop is a little much.

However, if you want to learn about SELinux, a good method is to run it in permissive mode on your desktop machine.

I use a tool called setroubleshooter, which sends me desktop notifications when one of SELinux's policies has been violated. If the operation is legitimate, I can "generate a local policy module to allow this access".

For example, today on my machine gnome3 violated SELinux, but was not denied as I am in permissive mode. selinuxtroubleshooter provided this advice:

 You should report this as a bug.
 You can generate a local policy module to allow this access.
 Allow this access for now by executing:
 # grep gnome-session-c /var/log/audit/audit.log | audit2allow -M mypol
 # semodule -i mypol.pp

These two commands allow you to check and set SELinux:

  $ getenforce 
  Permissive

  $ setenforce 
  usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]

Have fun.
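
To show what the `deny_ptrace` boolean and the `getenforce` mode discussed above mean for a tracer like strace or gdb, here is an added example (not part of the original question or answer). It classifies the mode/boolean combination and lists programs denied `ptrace` in audit records; the function names and the sample audit records are constructed for illustration.

```shell
#!/bin/sh
# Added example. Pure helpers first, so they work on any machine;
# the live check at the bottom needs the SELinux tools installed.

# ptrace_verdict MODE BOOL
#   MODE: output of `getenforce`; BOOL: output of `getsebool deny_ptrace`.
#   Prints blocked | logged-only | not-selinux | unknown.
ptrace_verdict() {
    case $2 in
        *"--> on")  state=on ;;
        *"--> off") state=off ;;
        *)          state=unknown ;;
    esac
    case "$1:$state" in
        Disabled:*|*:off) echo not-selinux ;;  # look elsewhere for the denial
        Enforcing:on)     echo blocked ;;      # the strace failure in the question
        Permissive:on)    echo logged-only ;;  # AVC recorded, SELinux does not stop it
        *)                echo unknown ;;
    esac
}

# denied_tracers: read audit records on stdin and print each program (comm=)
# that was denied the ptrace permission, one per line, de-duplicated.
denied_tracers() {
    grep -E 'avc: +denied +\{[^}]* ptrace [^}]*\}' |
        sed -n 's/.* comm="\([^"]*\)".*/\1/p' | sort -u
}

# Constructed sample records (not taken from a real system).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1336000000.101:51): avc:  denied  { ptrace } for  pid=2101 comm="strace" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1336000000.202:52): avc:  denied  { read } for  pid=2150 comm="gnome-session-c" name="example" dev="dm-1" ino=77 scontext=system_u:system_r:xdm_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1336000001.303:53): avc:  denied  { ptrace } for  pid=2188 comm="gdb" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1336000002.404:54): avc:  denied  { ptrace } for  pid=2190 comm="strace" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
EOF
}

echo "sample verdict: $(ptrace_verdict Enforcing 'deny_ptrace --> on')"
echo "sample tracers: $(sample_log | denied_tracers | tr '\n' ' ')"

# Live check, only where the SELinux userland is installed.
if command -v getenforce >/dev/null 2>&1; then
    bool=$(getsebool deny_ptrace 2>/dev/null) || bool=
    echo "this host: $(ptrace_verdict "$(getenforce)" "$bool")"
fi
```

Turning off the single boolean is a narrower change than `setenforce 0`, which stops enforcement of the whole policy. `setsebool` without `-P` changes only the running policy and does not persist across a reboot.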