On 2022-01-05 at 12:24, debian-b...@cboltz.de wrote: > so all profiles that include abstractions/base can be ptraced. > > However, what you see happens in the HANDLING_UNTRUSTED_INPUT hat (this > hat is used when Apache processes are idle) - and Apache hats typically > don't include abstractions/base. Ah ha, that's what doing it. Thanks for the explanation.
> (Nevertheless, the apache hats should allow to be ptraced. I'll leave > that to the maintainer of the Apache profile in Debian - and would love > to see the fix upstreamed.) I suppose all of the hats should have some line for this. I suspect it is possible to ptrace apache when in the non-idle hat; my webserver is just not very busy. - Craig