<p>New options to <code>--secontext=...</code></p>

<ul>

<li><code>short</code>: (default, print type only)</li>

<li><code>mismatch</code>: print expected context on mismatch</li>

</ul>

<p>When using <code>mismatch</code>, an additional check is made on the context by reading the context database and comparing the output after stripping the unwanted part (e.g. stripping nothing in <code>full</code> mode, keeping the type only in default / <code>short</code> mode):</p>

<ul>

<li>if it differs, prints the expected context after print '!!'</li>

<li>if not, don't print anything</li>

</ul>

<p>Example with <code>/home/rmetrich/GIT/strace/autom4te.cache/output.3</code> file:</p>

<div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="$ matchpathcon /home/rmetrich/GIT/strace/autom4te.cache/output.3

/home/rmetrich/GIT/strace/autom4te.cache/output.3       unconfined_u:object_r:user_home_t:s0

$ ls -Z /home/rmetrich/GIT/strace/autom4te.cache/output.3

system_u:object_r:user_home_t:s0 /home/rmetrich/GIT/strace/autom4te.cache/output.3

"><pre><code>$ matchpathcon /home/rmetrich/GIT/strace/autom4te.cache/output.3

/home/rmetrich/GIT/strace/autom4te.cache/output.3       unconfined_u:object_r:user_home_t:s0

$ ls -Z /home/rmetrich/GIT/strace/autom4te.cache/output.3

system_u:object_r:user_home_t:s0 /home/rmetrich/GIT/strace/autom4te.cache/output.3

</code></pre></div>

<p>From above, we see the user part differs (<code>unconfined_u</code> vs <code>system_u</code>)</p>

<p>Output in <code>short</code> mode (no mismatch found since diff is only on the type):</p>

<div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="$ strace --secontext=mismatch -e statx stat /home/rmetrich/GIT/strace/autom4te.cache/output.3

... statx(AT_FDCWD, "/home/rmetrich/GIT/strace/autom4te.cache/output.3" [user_home_t], ...

"><pre><code>$ strace --secontext=mismatch -e statx stat /home/rmetrich/GIT/strace/autom4te.cache/output.3

... statx(AT_FDCWD, "/home/rmetrich/GIT/strace/autom4te.cache/output.3" [user_home_t], ...

</code></pre></div>

<p>Output in <code>full</code> mode (diff found on user):</p>

<div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="... statx(AT_FDCWD, "/home/rmetrich/GIT/strace/autom4te.cache/output.3" [system_u:object_r:user_home_t:s0!!unconfined_u:object_r:user_home_t:s0], ...

"><pre><code>... statx(AT_FDCWD, "/home/rmetrich/GIT/strace/autom4te.cache/output.3" [system_u:object_r:user_home_t:s0!!unconfined_u:object_r:user_home_t:s0], ...

</code></pre></div>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>

<p>  <a href='https://github.com/strace/strace/pull/197'>https://github.com/strace/strace/pull/197</a></p>

<h4>Commit Summary</h4>

<ul>

  <li><a href="https://github.com/strace/strace/pull/197/commits/3beab079d08a86827b92cfaf9ade5489523b4995">Implement displaying of expected context upon mismatch</a></li>

</ul>

<h4>File Changes</h4>

<ul>

  <li>

    <strong>M</strong>

    <a href="https://github.com/strace/strace/pull/197/files#diff-8d6eef45ec23c8419d24834eb33c42e71860c411a8a14a828185deeedb206ca8">m4/st_selinux.m4</a>

    (18)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/strace/strace/pull/197/files#diff-a79d0c038b1fdfd8377dc3686d2a0f5452abb46ac0a0c041c0c5435ed5373084">src/secontext.c</a>

    (155)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/strace/strace/pull/197/files#diff-d785ce7422790d1a7c0dca0f5d0026020f09c29b55230ad603d72ba4d12c1f1a">src/secontext.h</a>

    (2)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/strace/strace/pull/197/files#diff-96254e7c668273f0fa2069e9493e1ccc5613d7cb93a31eefb3c3d3e5639eda53">src/strace.c</a>

    (17)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/strace/strace/pull/197/files#diff-d3df2e75cba7371c50176ae21f74c8504b179c83eac66a9a9f0af873d23a6d4a">tests/.gitignore</a>

    (4)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/strace/strace/pull/197/files#diff-9cbe1420fb2a8db76a524d4854be5775d490fc4813a551307daae3b87e9f62df">tests/gen_secontext.sh</a>

    (12)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/strace/strace/pull/197/files#diff-ac5541a8eb321e9e38286393835592c58a91791b9c2b73d4a46016e9d4c07fb4">tests/gen_tests.in</a>

    (34)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/strace/strace/pull/197/files#diff-190279d4d91081ced547e95780b07eaa7eb5e2166044d047849726b0c16aa1a7">tests/linkat.c</a>

    (37)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/strace/strace/pull/197/files#diff-bd36f4a518aae5066a4e64e1e17dd8ea07c2dc3951bc0de3dd33298cbc85a862">tests/options-syntax.test</a>

    (18)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/strace/strace/pull/197/files#diff-75321b19e47242ecdaf8b6f862bb5c0e31d5cacf01a02a868ca031b19c520c8a">tests/secontext.c</a>

    (169)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/strace/strace/pull/197/files#diff-fa9aa6b648b5d2854fb7b3f1ad828e2777c885cae7af9da840d745122e4ad15b">tests/secontext.h</a>

    (28)

  </li>

</ul>

<h4>Patch Links:</h4>

<ul>

  <li><a href='https://github.com/strace/strace/pull/197.patch'>https://github.com/strace/strace/pull/197.patch</a></li>

  <li><a href='https://github.com/strace/strace/pull/197.diff'>https://github.com/strace/strace/pull/197.diff</a></li>

</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/strace/strace/pull/197">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AOVBTR3THVUMOC2UMYB3EH3UFRKOXANCNFSM5FOWWXPA">unsubscribe</a>.<br />Triage notifications on the go with GitHub Mobile for <a href="https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675">iOS</a> or <a href="https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub">Android</a>.

<img src="https://github.com/notifications/beacon/AOVBTR3PL4I3SAVMH6PIJ3TUFRKOXA5CNFSM5FOWWXPKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4PFTYWSA.gif" height="1" width="1" alt="" /></p>

<script type="application/ld+json">[

{

"@context": "http://schema.org",

"@type": "EmailMessage",

"potentialAction": {

"@type": "ViewAction",

"target": "https://github.com/strace/strace/pull/197",

"url": "https://github.com/strace/strace/pull/197",

"name": "View Pull Request"

},

"description": "View this Pull Request on GitHub",

"publisher": {

"@type": "Organization",

"name": "GitHub",

"url": "https://github.com"

}

}

]</script>