Proposing SELinux support in strace

Renaud Métrich rmetrich at redhat.com
Tue Nov 17 08:25:29 UTC 2020


Dear developers,

I'm proposing to add SELinux support into strace through a 
"--secontext" option.

This is very useful when debugging SELinux issues, in particular when a 
process runs in an unexpected context or didn't transition properly, or 
when a file being opened does not have the proper context, resulting in an EPERM.

Sub-option "--typeonly" may be used to only print the type, as shown in 
the examples below:

  * Without any option (standard strace, here used with the "-fttTvyy" flags):

    118104 16:52:11.141122 select(9, [4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>
    119820 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys", O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> <0.000399>

  * With the "--secontext" option, a new column is added after the PID, showing
    the context the PID is executing in, and each PATH has its context
    associated (when the file exists):

    118104 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:11.141122 select(9, [4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>
    119820 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys" [system_u:object_r:nfs_t:s0], O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> [system_u:object_r:nfs_t:s0] <0.000399>

  * With the "--typeonly" sub-option, the same except only the type is displayed
    (which is usually enough):

    118104 [sshd_t] 16:52:11.141122 select(9, [4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>
    119820 [sshd_t] 16:52:13.133319 openat(AT_FDCWD, "/home/rmetrich/.ssh/authorized_keys" [nfs_t], O_RDONLY|O_NONBLOCK) = 11</home/rmetrich/.ssh/authorized_keys> [nfs_t] <0.000399>

The PR is here: https://github.com/strace/strace/pull/121


Best regards,

Renaud.
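The output format proposed above lends itself to scripted triage: once every syscall line carries the process context and every decoded path carries the file context, a short parser can pull the type out of each context and flag files whose type a confined domain would not normally be expected to touch. The following Python script is an added example, not code from the strace PR or from the mail's author. It assumes exactly the line layout shown in the mail (PID, bracketed context, timestamp, syscall, then a bracketed context after each quoted path or decoded fd path), handles both the full-context and the "--typeonly" forms, and uses the two sample lines from the proposal re-joined onto single lines as constructed input. The allowed-type set passed to the triage helper is an illustrative assumption, not something strace computes.

```python
"""Parse strace --secontext output into structured records and flag file types.

Added example; not part of strace. Assumes the line layout shown in the
proposal: PID [CTX] TIME SYSCALL(... "PATH" [CTX] ...) = RET<PATH> [CTX] <ELAPSED>
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed sample input: the --secontext lines from the proposal, with the
# mail client's line wrapping undone so each syscall is one line again.
SAMPLE_LINES = [
    '118104 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:11.141122 select(9, '
    '[4<TCP:[0.0.0.0:22]> 6<TCPv6:[[::]:22]>], NULL, NULL, NULL) = 1 (in [4]) <1.845416>',
    '119820 [system_u:system_r:sshd_t:s0-s0:c0.c1023] 16:52:13.133319 openat(AT_FDCWD, '
    '"/home/rmetrich/.ssh/authorized_keys" [system_u:object_r:nfs_t:s0], O_RDONLY|O_NONBLOCK) '
    '= 11</home/rmetrich/.ssh/authorized_keys> [system_u:object_r:nfs_t:s0] <0.000399>',
]

# Same openat line as produced with the --typeonly sub-option (also constructed).
TYPEONLY_LINE = (
    '119820 [sshd_t] 16:52:13.133319 openat(AT_FDCWD, '
    '"/home/rmetrich/.ssh/authorized_keys" [nfs_t], O_RDONLY|O_NONBLOCK) '
    '= 11</home/rmetrich/.ssh/authorized_keys> [nfs_t] <0.000399>'
)

# PID, bracketed process context, timestamp, syscall name.
HEAD_RE = re.compile(r'^(?P<pid>\d+) \[(?P<ctx>[^\]]+)\] (?P<ts>\S+) (?P<call>\w+)\(')
# A quoted path argument, or a decoded fd path in <...>, immediately followed by
# a bracketed file context. Socket decorations like <TCP:[...]> never carry a
# context, so they do not match.
PATH_CTX_RE = re.compile(r'(?:"(?P<qpath>[^"]*)"|<(?P<fdpath>[^>]*)>) \[(?P<ctx>[^\]]+)\]')


@dataclass
class Record:
    pid: int
    proc_ctx: str
    syscall: str
    files: List[Tuple[str, str]] = field(default_factory=list)  # (path, context)


def context_type(ctx: str) -> str:
    """Return the SELinux type: the third colon-separated field of a full
    context (user:role:type:range). A bare type from --typeonly output has
    no colons and is returned unchanged."""
    parts = ctx.split(':')
    return parts[2] if len(parts) >= 3 else ctx


def parse_line(line: str) -> Optional[Record]:
    """Parse one strace --secontext line; None if it is not a syscall line."""
    head = HEAD_RE.match(line)
    if head is None:
        return None
    rec = Record(int(head.group('pid')), head.group('ctx'), head.group('call'))
    for m in PATH_CTX_RE.finditer(line):
        path = m.group('qpath') if m.group('qpath') is not None else m.group('fdpath')
        pair = (path, m.group('ctx'))
        # openat shows the path both as argument and in the decoded return fd;
        # record each (path, context) pair once.
        if pair not in rec.files:
            rec.files.append(pair)
    return rec


def parse(lines) -> List[Record]:
    return [r for r in (parse_line(l) for l in lines) if r is not None]


def files_outside(records: List[Record], allowed_types: Set[str]):
    """Triage helper: (pid, syscall, path, type) for every file whose type is
    not in allowed_types. The caller supplies the expected types for the
    domain under investigation (illustrative assumption, not policy lookup)."""
    hits = []
    for r in records:
        for path, ctx in r.files:
            t = context_type(ctx)
            if t not in allowed_types:
                hits.append((r.pid, r.syscall, path, t))
    return hits


if __name__ == '__main__':
    recs = parse(SAMPLE_LINES)
    for r in recs:
        print(r.pid, context_type(r.proc_ctx), r.syscall, r.files)
    # Assumed: an sshd domain is expected to read ssh_home_t keys; anything
    # else (here the nfs_t label) is worth a second look.
    print(files_outside(recs, {'ssh_home_t'}))
```

Running the script on the sample prints one record per syscall and then a single hit for the authorized_keys file labelled nfs_t, which is exactly the kind of "file being opened has not the proper context" case the proposal is meant to surface.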
