[strace/strace] Print SELinux contexts when enabling "--secontext" (not compatible with "-c"). (#121)
Renaud Métrich
notifications at github.com
Thu Jan 30 12:04:41 UTC 2020
This is very useful when debugging SELinux issues, in particular when a process runs in an unexpected context or didn't transition properly, or typically when a file being opened does not have the proper context.
Sub-option `--typeonly` may be used to only print the type, as shown in the examples below:
Without any option (standard strace, here using the `-fttTvyy` flags):
~~~
118104 16:52:11.141122 select(9, [4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>
119820 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys", O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> <0.000399>
~~~
With the `--secontext` option, a new column is added after the PID, showing the context the PID is executing in, and each PATH has its context associated (when the file exists):
~~~
118104 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:11.141122 select(9, [4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>
119820 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys" [system_u:object_r:nfs_t:s0], O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> [system_u:object_r:nfs_t:s0] <0.000399>
~~~
With the `--typeonly` sub-option, the same, except only the type is displayed:
~~~
118104 [sshd_t] 16:52:11.141122 select(9, [4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>
119820 [sshd_t] 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys" [nfs_t], O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> [nfs_t] <0.000399>
~~~
This only requires binding strace to libdl at compilation time.
You can view, comment on, or merge this pull request online at:
https://github.com/strace/strace/pull/121
-- Commit Summary --
* Print SELinux contexts when enabling "--secontext" (not compatible with
-- File Changes --
M Makefile.am (2)
M defs.h (4)
M strace.c (122)
M util.c (12)
-- Patch Links --
https://github.com/strace/strace/pull/121.patch
https://github.com/strace/strace/pull/121.diff
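An added example, not part of the original message or the strace code base: a small parser for the `--secontext` output format shown in the message above, which reduces each context to its type and reports paths whose label differs from an expected one. The function names and the expected-label table (`ssh_home_t` for files under `~/.ssh`) are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# Sample lines copied from the message above (full-context and --typeonly forms).
SAMPLE = [
    '118104 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:11.141122 select(9, [4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>',
    '119820 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys" [system_u:object_r:nfs_t:s0], O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> [system_u:object_r:nfs_t:s0] <0.000399>',
    '119820 [sshd_t] 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys" [nfs_t], O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> [nfs_t] <0.000399>',
]

# PID, process context column, optional -t/-tt timestamp, syscall name.
HEAD = re.compile(r'^(\d+) \[([^\]]+)\] (?:[\d:.]+ )?(\w+)\(')
# A quoted path argument followed by its context.
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)" \[([^\]]+)\]')
# A decoded file descriptor (-y/-yy) pointing at a path, followed by its context.
FDPATH = re.compile(r'\d+<(/[^>]*)> \[([^\]]+)\]')

def type_of(ctx):
    """Type field of user:role:type[:level]; ctx itself if already type-only."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx

def parse_line(line):
    """Return pid, process type, syscall and {path: file type}, or None."""
    m = HEAD.match(line)
    if not m:
        return None  # no context column, e.g. output captured without --secontext
    pid, ctx, syscall = m.groups()
    paths = {}
    for rx in (QUOTED, FDPATH):
        for path, pctx in rx.findall(line):
            paths[path] = type_of(pctx)
    return {"pid": int(pid), "proc_type": type_of(ctx),
            "syscall": syscall, "paths": paths}

def mismatches(lines, expected):
    """List accesses where a path's type differs from the caller's expectation."""
    found = []
    for rec in filter(None, map(parse_line, lines)):
        for path, ftype in rec["paths"].items():
            for pattern, want in expected.items():
                if fnmatchcase(path, pattern) and ftype != want:
                    found.append((rec["pid"], rec["proc_type"],
                                  rec["syscall"], path, ftype, want))
    return found

if __name__ == "__main__":
    # Assumed expectation: files under ~/.ssh should be labeled ssh_home_t.
    for hit in mismatches(SAMPLE, {"/home/*/.ssh/*": "ssh_home_t"}):
        print("pid %d (%s) %s %s: labeled %s, expected %s" % hit)
```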