Proposing SELinux support in strace
Dmitry V. Levin
ldv at altlinux.org
Tue Nov 17 09:47:24 UTC 2020
Hi,
On Tue, Nov 17, 2020 at 09:25:29AM +0100, Renaud Métrich wrote:
> Dear developers,
>
> I'm proposing to add SELinux support into strace through using
> "--secontext" option.
>
> This is very useful when debugging SELinux issues, in particular when a
> process runs in an unexpected context or didn't transition properly, or
> when a file being opened has not the proper context resulting in a EPERM.
>
> Sub-option |--typeonly| may be used to only print the type, as shown in
> the examples below:
Thanks, this is a nice feature. I'm not sure about the interface,
though: do we really want to introduce two different but interdependent
options, or would it be better to introduce a single option with
parameters?
--
ldv
More information about the Strace-devel
mailing list