Proposing SELinux support in strace

Dmitry V. Levin ldv at altlinux.org
Tue Jan 19 23:13:26 UTC 2021


On Sat, Nov 21, 2020 at 09:08:45PM +0100, Renaud Métrich wrote:
[...]
> > By the way, is it correct to hook selinux_getfilecon into printpathn?
> I agree it's kind of a "hack"; using "printpathn" is just the simplest 
> way to get SELinux contexts when a path is used.

How likely is it for the result to be correct if strace and the tracee have
different root fs?  Also, would the result be correct when the path printed
by printpathn is not an absolute file name?

From an implementation point of view, it looks like you hooked into printpathn
in a way that a non-nul-terminated string may be passed to selinux_getfilecon.

> > Also, do you want to display secontext associated with file descriptors?
> Thanks to hooking "printpathn", the context for file descriptors will 
> also be printed, e.g.:
> 
> [unconfined_t] ... read(3</usr/lib64/libselinux.so.1> [lib_t], 
> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\207\0\0\0\0\0\0"..., 
> 832) = 832 <0.000015>
> 
> That's why hooking "printpathn" is great here.

You've explicitly hooked into printfd_pid to achieve that, haven't you?


-- 
ldv
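One way to address the three points raised above (a tracee with a different root fs, a path that is not absolute, and a path buffer that is not NUL-terminated), as an added example that is neither strace's code nor the patch under discussion: resolve the tracee's (dirfd, path) pair through /proc/<pid>/root, /proc/<pid>/cwd or /proc/<pid>/fd/<n> so the tracee's own root, cwd and fd table are used, and give the fetched string an explicit NUL before it reaches anything that expects a C string. The label is read with getxattr(2) on the security.selinux attribute, which is what getfilecon() does underneath, so it builds without libselinux; the function names and the sample input are assumptions for this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>      /* AT_FDCWD */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>  /* getxattr */
#include <unistd.h>

/* Take a path argument as fetched from tracee memory (length known, no
 * NUL guaranteed) and return a malloc'ed NUL-terminated copy.  An
 * embedded NUL ends the string, as it does for the kernel. */
char *
tracee_string(const char *bytes, size_t len)
{
    size_t n = strnlen(bytes, len);
    char *s = malloc(n + 1);
    if (!s)
        return NULL;
    memcpy(s, bytes, n);
    s[n] = '\0';
    return s;
}

/* Map the tracee's (dirfd, path) pair to a path the tracer can open,
 * going through /proc/<pid>/ so that the tracee's root, cwd and fd
 * table are consulted rather than strace's.  A NULL or empty path
 * names the dirfd itself.  Returns the length written, or -1 if it
 * does not fit in out. */
int
tracee_proc_path(pid_t pid, int dirfd, const char *path,
                 char *out, size_t outlen)
{
    int n;

    if (path && path[0] == '/')
        n = snprintf(out, outlen, "/proc/%ld/root%s", (long) pid, path);
    else if (path && path[0] && dirfd == AT_FDCWD)
        n = snprintf(out, outlen, "/proc/%ld/cwd/%s", (long) pid, path);
    else if (path && path[0])
        n = snprintf(out, outlen, "/proc/%ld/fd/%d/%s", (long) pid, dirfd, path);
    else
        n = snprintf(out, outlen, "/proc/%ld/fd/%d", (long) pid, dirfd);

    return (n < 0 || (size_t) n >= outlen) ? -1 : n;
}

/* Read the SELinux label of the object the tracee named.  getxattr()
 * follows symlinks, including the /proc magic links, like getfilecon().
 * Returns a malloc'ed context string, or NULL with errno set when the
 * path cannot be resolved or the kernel has no SELinux label for it. */
char *
tracee_file_context(pid_t pid, int dirfd, const char *path)
{
    char procpath[4096];
    char ctx[256];
    ssize_t len;

    if (tracee_proc_path(pid, dirfd, path, procpath, sizeof procpath) < 0)
        return NULL;
    len = getxattr(procpath, "security.selinux", ctx, sizeof ctx - 1);
    if (len < 0)
        return NULL;
    ctx[len] = '\0';    /* the stored value may or may not end in NUL */
    return strdup(ctx);
}

int
main(void)
{
    /* Constructed input: a path buffer with no trailing NUL, as it would
     * come out of tracee memory; the "tracee" here is this process. */
    const char raw[] = { '/', 'p', 'r', 'o', 'c', '/', 's', 'e', 'l', 'f',
                         '/', 'e', 'x', 'e' };
    char *path = tracee_string(raw, sizeof raw);
    char *ctx = tracee_file_context(getpid(), AT_FDCWD, path);

    printf("%s [%s]\n", path, ctx ? ctx : "no SELinux label");
    free(ctx);
    free(path);
    return 0;
}
```

On a host without SELinux, getxattr() fails with ENOTSUP or ENODATA and the caller simply prints nothing for the context; a relative path containing ".." is still resolved in the tracee's namespace because the kernel walks it from the target of the /proc magic link.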

