> I'm not against the kernel protection measure, but it must be ensured, that
it can be disabled at boot time.
Yes. It will be actually the same way as the package that currently sets
ptrace_scope to 0 on boot, and it is one command to achieve it. The proposal
was already updated to contain the link to the discussion with regards to the
Docs pages that are to be created/updated: the Docs pages locations are already
determined and Docs approved, although we can still discuss and adjust them and
everyone may let me know in the Discourse topic how to optimize the Docs
location and such (at the best, in the Discourse topic about the Docs pages of
the proposal, which is why I added it to the proposal's documentation section)
. So far there would be three types of Docs pages that shall serve three
different reasonings with which developers might approach the issue they
experience in gdb/strace:
"My GDB is broken, I need troubleshooting gdb": → quick docs →
“troubleshooting” section → “Troubleshooting debugger problems (gdb, strace, related
tools)”
"My GDB is broken, that surely is another SELinux issue (which seems many if not
most people thought in 2015 when this occurred the first time)": → quick docs →
“SELinux” section → “Troubleshooting SELinux” (a section about this will be added and
linking to the above Docs page)
"GDB is broken after I upgraded, I have to check the release notes": → release notes will
elaborate and link to the Docs page (the proposed "release notes" were updated as well
due to the feedback of a developer using gdb)
Also, there will be a Discourse topic about the problem in the usual ask
section (problem + solution). And both Discourse and our Docs are well ranked
in search queries on search engines.
On 12/09/2025 16.13, Marius Schwarz wrote:
Am 12.09.25 um 15:46 schrieb Daniel P. Berrangé:
I wouldn't have realized it was proposing
to break use of gdb & strace out of the box if someone had
not mentioned in here.
A real-world example:
if strace does no longer work, you would i.e. not be able to live debug a php
cgi-scripts answere via a https connection, that you do not do yourself (with curl)
or is contained i.e. in Thunderbird CalDav. I just had that problem a few days ago,
and it was the only way to see the real request & response. ( Which then let to
a Thunderbird Bug Mozilla does not yet know of)
I'm not against the kernel protection measure, but it must be ensured, that it
can be disabled at boot time.
best regards,
Marius Schwarz
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
