If the sysctl option is enabled, a sysctl option with name harden_ptrace is created. 2.) Moreover, in the policy file with enabled RBAC, you can select which process can ptrace: -CAP_ALL +CAP_SYS_PTRACE 3.) And even some more options: # Role flags: # A -> This role is an administrative role, thus it has special privilege normal # roles do not have.