[strace/strace] Print SELinux contexts when enabling "--secontext" (not compatible with "-c"). (#121)

Renaud Métrich notifications at github.com
Thu Jan 30 12:04:41 UTC 2020


This is very useful when debugging SELinux issues, in particular when a process runs in an unexpected context or didn't transition properly, or typically when a file being opened does not have the proper context.

Sub-option `--typeonly` may be used to only print the type, as shown in the examples below:

Without any option (standard strace, here with the `-fttTvyy` flags):
~~~
118104  16:52:11.141122 select(9, [4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>
119820  16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys", O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> <0.000399>
~~~

With the `--secontext` option, a new column is added after the PID, showing the context the PID is executing in, and each PATH has its context associated (when the file exists):
~~~
118104 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:11.141122 select(9, [4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>
119820 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys" [system_u:object_r:nfs_t:s0], O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> [system_u:object_r:nfs_t:s0] <0.000399>
~~~

With the `--typeonly` sub-option, the same except only the type is displayed:
~~~
118104 [sshd_t] 16:52:11.141122 select(9, [4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>
119820 [sshd_t] 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys" [nfs_t], O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> [nfs_t] <0.000399>
~~~

This only requires binding strace to libdl at compilation time.

You can view, comment on, or merge this pull request online at:

  https://github.com/strace/strace/pull/121

-- Commit Summary --

  * Print SELinux contexts when enabling "--secontext" (not compatible with

-- File Changes --

    M Makefile.am (2)
    M defs.h (4)
    M strace.c (122)
    M util.c (12)

-- Patch Links --

https://github.com/strace/strace/pull/121.patch
https://github.com/strace/strace/pull/121.diff
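
A small parser for the `--secontext` output format shown in the message above, as an added example that is not part of the pull request or of strace: it extracts the process type and each path's type, then reports paths whose type differs from an expected label. The function names and the `EXPECTED` table (`ssh_home_t` for files under `~/.ssh`) are assumptions of this example.

```python
import re

# Leading "PID [context] " column added by --secontext.
PROC_RE = re.compile(r'^(\d+)\s+\[([^\]]+)\]\s')
# A quoted path argument immediately followed by its "[context]".
PATH_RE = re.compile(r'"((?:[^"\\]|\\.)*)" \[([^\]]+)\]')

def selinux_type(context):
    """Type field of user:role:type[:range], or the bare --typeonly value."""
    fields = context.split(":")
    return fields[2] if len(fields) >= 3 else context

def parse_line(line):
    """Return (pid, process_type, [(path, file_type), ...]), or None when
    the line has no leading context column (plain strace output)."""
    m = PROC_RE.match(line)
    if m is None:
        return None
    paths = [(p, selinux_type(c)) for p, c in PATH_RE.findall(line)]
    return int(m.group(1)), selinux_type(m.group(2)), paths

def mislabeled(lines, expected):
    """Yield (pid, process_type, path, file_type, wanted_type) for every
    path matching a pattern in `expected` whose type differs."""
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, proc_type, paths = parsed
        for path, file_type in paths:
            for pattern, wanted in expected:
                if re.search(pattern, path) and file_type != wanted:
                    yield pid, proc_type, path, file_type, wanted

# Assumption of this example: files under ~/.ssh should carry ssh_home_t.
EXPECTED = [(r"/\.ssh/", "ssh_home_t")]

# Sample lines copied from the --secontext and --typeonly output above.
SAMPLE = [
    '118104 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:11.141122 select(9, [4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>',
    '119820 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys" [system_u:object_r:nfs_t:s0], O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> [system_u:object_r:nfs_t:s0] <0.000399>',
    '119820 [sshd_t] 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys" [nfs_t], O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> [nfs_t] <0.000399>',
]

if __name__ == "__main__":
    for pid, proc, path, got, wanted in mislabeled(SAMPLE, EXPECTED):
        print(f"pid {pid} ({proc}): {path} is {got}, expected {wanted}")
```
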
