How can Linux ptrace be unsafe or contain a race condition?

既然无缘 2021-01-05 12:26

I'd like to implement a sandbox by ptrace()ing a process I start and all its children would create (including grandchildren etc.). The ptrace() pa

2 answers
  •  一生所求
    2021-01-05 13:15

    Doesn't ptrace only get notifications after-the-fact? I don't think you have a chance to actually stop the syscall from happening, only to kill it as fast as you can once you see something "evil".

    It seems like you're more looking for something like SELinux or AppArmor, where you can guarantee that not even one illegal call gets through.
