Proposing SELinux support in strace
Dmitry V. Levin
ldv at altlinux.org
Wed Feb 17 00:10:09 UTC 2021
On Thu, Jan 21, 2021 at 01:00:08PM +0100, Renaud Métrich wrote:
> Right, it's broken, that cannot work all the time...
Right, what do you suggest to do with that brokenness?
> On 1/20/21 12:13 AM, Dmitry V. Levin wrote:
> > On Sat, Nov 21, 2020 at 09:08:45PM +0100, Renaud Métrich wrote:
> > [...]
> >>> By the way, is it correct to hook selinux_getfilecon into printpathn?
> >> I agree it's kind of a "hack", using "printpathn" is just the simplest
> >> way to get SELinux contexts when a path is used.
> > How likely for the result to be correct if strace and the tracee have
> > different root fs? Also, would the result be correct when the path printed
> > by printpathn is not an absolute file name?
> >
> > From implementation point of view, looks like you hooked into printpathn
> > in a way that a non-nul-terminated string may be passed to selinux_getfilecon.
> >
> >>> Also, do you want to display secontext associated with file descriptors?
> >> Thanks to hooking "printpathn", the context for file descriptors will
> >> also be printed, e.g.:
> >>
> >> [unconfined_t] ... read(3</usr/lib64/libselinux.so.1> [lib_t],
> >> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\207\0\0\0\0\0\0"...,
> >> 832) = 832 <0.000015>
> >>
> >> That's why hooking "printpathn" is great here.
> > You've explicitly hooked into printfd_pid to achieve that, haven't you?
--
ldv
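
Added example, not part of the original message and not strace code: a sketch of the three concerns quoted above (a path buffer that is not NUL-terminated, a relative name, a tracee with a different root fs). The helper names tracee_path and file_secontext are hypothetical, and resolving through /proc/<pid>/root and /proc/<pid>/cwd is an assumption of this sketch, not something proposed in the thread.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>
#include <unistd.h>

/*
 * Hypothetical helper: turn "len" bytes copied from tracee memory into a
 * NUL-terminated name the tracer can resolve in the tracee's view.
 * Absolute names go through /proc/<pid>/root, relative ones through
 * /proc/<pid>/cwd.  Not handled here: names relative to a dirfd (*at
 * syscalls) and symlinks with absolute targets, which are still resolved
 * against the tracer's own root.
 */
int tracee_path(char *out, size_t outsz, pid_t pid, const char *buf, size_t len)
{
	size_t n = strnlen(buf, len);	/* never read past len */
	if (n == 0 || n > 4096)
		return -1;
	const char *base = buf[0] == '/' ? "root" : "cwd/";
	int r = snprintf(out, outsz, "/proc/%d/%s%.*s",
			 (int) pid, base, (int) n, buf);
	return (r < 0 || (size_t) r >= outsz) ? -1 : 0;	/* reject truncation */
}

/* Read the SELinux label xattr and terminate it explicitly. */
int file_secontext(const char *path, char *ctx, size_t ctxsz)
{
	if (ctxsz == 0)
		return -1;
	ssize_t r = getxattr(path, "security.selinux", ctx, ctxsz - 1);
	if (r < 0)
		return -1;	/* no label, no SELinux, or no access */
	ctx[r] = '\0';
	return 0;
}

int main(void)
{
	/* Constructed sample: 4 path bytes followed by unrelated data, no NUL. */
	const char raw[8] = { '/', 'e', 't', 'c', 'X', 'X', 'X', 'X' };
	char path[128], ctx[256];

	if (tracee_path(path, sizeof(path), getpid(), raw, 4) == 0)
		printf("%s [%s]\n", path,
		       file_secontext(path, ctx, sizeof(ctx)) == 0 ? ctx : "?");
	return 0;
}
```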