Paul Chaignon's GSoC status report - #4 of 12
Paul Chaignon
paul.chaignon at gmail.com
Mon Jun 24 19:12:12 UTC 2019
Hi all,
Accomplishments:
- Addressed most comments on v4 of the status patchset. I'm waiting for the
answers to a few questions to send the v5. I'll probably send it before end
of week otherwise.
- Debugged the issue with some tests returning ENOSYS. Under seccomp, this is
the expected error code for an absent tracer. Turns out it had nothing to do
with that this time: tracee was restarted with PTRACE_SYSCALL instead of
PTRACE_CONT leading to strace trying to decode seccomp-stop event as a
syscall-exit-stop event. I introduced the bug while refactoring.
- Built a bcc tool [1] to help debug the above issue. The tool traces
__seccomp_filter with kprobes/BPF to infer the seccomp action (e.g.,
RET_TRACE or RET_ALLOW). I'll probably submit it to the bcc repository after
the end of GSoC if it proves to be stable enough.
- While going through the patched test suite (see previous GSoC report), I
noticed that several tests with fork() or threads but without the -f option
were failing. These are failing because children tasks inherit the seccomp
filter of parent tasks. Thus, if tracing a multi-task process with strace -n
(i.e., seccomp filtering enabled), we should make sure that -f is enabled so
that all tasks have a proper tracer. The current patchset errors out when -n
is given without -f. While this propagation of seccomp filters to children
tasks makes sense for sandboxing, it might be worth having an option in the
kernel to disable propagation for tracing use cases. Without such an option
in the Linux API, strace will only be able to use seccomp filtering when -f
is set. What do you think? Should I send an RFC patch to the kernel after
my main seccomp tasks are finished?
Priorities:
- Finish writing the execve test case for seccomp filtering.
- Rework the commit history and send the RFC patchset for seccomp filtering.
- Send v5 of the status patchset.
Paul
1 - https://gist.github.com/pchaigno/59c6044fd3753022c6248c1ba7ad9cbd
More information about the Strace-devel
mailing list