Proposing SELinux support in strace

Dmitry V. Levin ldv at altlinux.org
Fri Mar 5 14:18:20 UTC 2021 

On Fri, Mar 05, 2021 at 03:04:47PM +0100, Renaud Métrich wrote:
> Dear all,
> 
> I reworked the code and created some unit tests. (PR 
> https://github.com/strace/strace/pull/121)
> 
> Unfortunately I'm not able to build correctly under the CI for several 
> reasons:
> 
> - code coverage breaks because the CI system has no SELinux labels, 
> hence the new code is not covered

Unfortunately, github actions don't enable some Linux features.
For example, they have no kvm support.
But I think you can collect the coverage locally, publish it somewhere,
and post the link here.

> - compilation with -m32 fails because there is no suitable selinux 
> library for 32bits apparently
> 
> e.g.
> 
> 2021-03-05T13:17:54.4436301Z gcc-10 -Wall -Wempty-body -Wformat-security 
> -Wignored-qualifiers -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op 
> -Wmissing-parameter-type -Wnested-externs -Wold-style-declaration 
> -Wold-style-definition -Woverride-init -Wsign-compare -Wtype-limits 
> -Wwrite-strings -Werror -g -O2 -DMPERS_IS_m32 -m32  -o chmod--secontext 
> chmod--secontext.o -lselinux libtests.a
> 2021-03-05T13:17:54.4515828Z /usr/bin/ld: skipping incompatible 
> /usr/lib/x86_64-linux-gnu/libselinux.a when searching for -lselinux
> 2021-03-05T13:17:54.4517295Z /usr/bin/ld: cannot find -lselinux
> 2021-03-05T13:17:54.4518771Z /usr/bin/ld: skipping incompatible 
> /usr/lib/x86_64-linux-gnu/libselinux.so when searching for -lselinux
> 2021-03-05T13:17:54.4520200Z /usr/bin/ld: skipping incompatible 
> /usr/lib/x86_64-linux-gnu/libselinux.a when searching for -lselinux
> 2021-03-05T13:17:54.4521300Z /usr/bin/ld: cannot find -lselinux
> 2021-03-05T13:17:54.4522032Z collect2: error: ld returned 1 exit status
> 
> I have no idea what needs to be done to fix this. All I see is configure 
> enables selinux support because the 64bit lib is installed, but 
> apparently not the 32bit one.

I suggest to implement something in m4/mpers.m4, similar to the way
AC_CHECK_SIZEOF is used there, so that selinux tests could be enabled per
mpers depending on the runtime availability.


-- 
ldv

More information about the Strace-devel mailing list