Proposing SELinux support in strace
Renaud Métrich
rmetrich at redhat.com
Thu Jan 21 12:00:08 UTC 2021
Right, it's broken, that cannot work all the time...
On 1/20/21 12:13 AM, Dmitry V. Levin wrote:
> On Sat, Nov 21, 2020 at 09:08:45PM +0100, Renaud Métrich wrote:
> [...]
>>> By the way, is it correct to hook selinux_getfilecon into printpathn?
>> I agree it's kind of a "hack", using "printpathn" is just the simplest
>> way to get SELinux contexts when a path is used.
> How likely for the result to be correct if strace and the tracee have
> different root fs? Also, would the result be correct when the path printed
> by printpathn is not an absolute file name?
>
> From implementation point of view, looks like you hooked into printpathn
> in a way that a non-nul-terminated string may be passed to selinux_getfilecon.
>
>>> Also, do you want to display secontext associated with file descriptors?
>> Thanks to hooking "printpathn", the context for file descriptors will
>> also be printed, e.g.:
>>
>> [unconfined_t] ... read(3</usr/lib64/libselinux.so.1> [lib_t],
>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\207\0\0\0\0\0\0"...,
>> 832) = 832 <0.000015>
>>
>> That's why hooking "printpathn" is great here.
> You've explicitly hooked into printfd_pid to achieve that, haven't you?
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20210121/39a8c2f0/attachment.bin>
More information about the Strace-devel
mailing list