Proposing SELinux support in strace

Renaud Métrich rmetrich at
Mon Mar 8 16:12:17 UTC 2021


Please check the newer code on github 
(, I consider it's complete now.

The "*CI / coverage*" and "*CI / clang10-x86_64-dw (pull_request)*" fail 
because of a test not related to the change (*pidns-cache.test* taking 
too much time).


On 3/5/21 3:18 PM, Dmitry V. Levin wrote:
> On Fri, Mar 05, 2021 at 03:04:47PM +0100, Renaud Métrich wrote:
>> Dear all,
>> I reworked the code and created some unit tests. (PR
>> Unfortunately I'm not able to build correctly under the CI for several
>> reasons:
>> - code coverage breaks because the CI system has no SELinux labels,
>> hence the new code is not covered
> Unfortunately, github actions don't enable some Linux features.
> For example, they have no kvm support.
> But I think you can collect the coverage locally, publish it somewhere,
> and post the link here.
>> - compilation with -m32 fails because there is no suitable selinux
>> library for 32bits apparently
>> e.g.
>> 2021-03-05T13:17:54.4436301Z gcc-10 -Wall -Wempty-body -Wformat-security
>> -Wignored-qualifiers -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op
>> -Wmissing-parameter-type -Wnested-externs -Wold-style-declaration
>> -Wold-style-definition -Woverride-init -Wsign-compare -Wtype-limits
>> -Wwrite-strings -Werror -g -O2 -DMPERS_IS_m32 -m32  -o chmod--secontext
>> chmod--secontext.o -lselinux libtests.a
>> 2021-03-05T13:17:54.4515828Z /usr/bin/ld: skipping incompatible
>> /usr/lib/x86_64-linux-gnu/libselinux.a when searching for -lselinux
>> 2021-03-05T13:17:54.4517295Z /usr/bin/ld: cannot find -lselinux
>> 2021-03-05T13:17:54.4518771Z /usr/bin/ld: skipping incompatible
>> /usr/lib/x86_64-linux-gnu/ when searching for -lselinux
>> 2021-03-05T13:17:54.4520200Z /usr/bin/ld: skipping incompatible
>> /usr/lib/x86_64-linux-gnu/libselinux.a when searching for -lselinux
>> 2021-03-05T13:17:54.4521300Z /usr/bin/ld: cannot find -lselinux
>> 2021-03-05T13:17:54.4522032Z collect2: error: ld returned 1 exit status
>> I have no idea what needs to be done to fix this. All I see is configure
>> enables selinux support because the 64bit lib is installed, but
>> apparently not the 32bit one.
> I suggest to implement something in m4/mpers.m4, similar to the way
> AC_CHECK_SIZEOF is used there, so that selinux tests could be enabled per
> mpers depending on the runtime availability.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Strace-devel mailing list