[strace/strace] Implement displaying of expected context upon mismatch (#197)
Renaud Métrich
notifications at github.com
Wed Oct 6 14:12:59 UTC 2021
New options to `--secontext=...`
- `short`: (default, print type only)
- `mismatch`: print expected context on mismatch
When using `mismatch`, an additional check is made on the context by reading the context database and comparing the output after stripping the unwanted part (e.g. stripping nothing in `full` mode, keeping the type only in default / `short` mode):
- if it differs, prints the expected context after printing '!!'
- if not, don't print anything
Example with `/home/rmetrich/GIT/strace/autom4te.cache/output.3` file:
~~~
$ matchpathcon /home/rmetrich/GIT/strace/autom4te.cache/output.3
/home/rmetrich/GIT/strace/autom4te.cache/output.3 unconfined_u:object_r:user_home_t:s0
$ ls -Z /home/rmetrich/GIT/strace/autom4te.cache/output.3
system_u:object_r:user_home_t:s0 /home/rmetrich/GIT/strace/autom4te.cache/output.3
~~~
From above, we see the user part differs (`unconfined_u` vs `system_u`)
Output in `short` mode (no mismatch found since diff is only on the type):
~~~
$ strace --secontext=mismatch -e statx stat /home/rmetrich/GIT/strace/autom4te.cache/output.3
... statx(AT_FDCWD, "/home/rmetrich/GIT/strace/autom4te.cache/output.3" [user_home_t], ...
~~~
Output in `full` mode (diff found on user):
~~~
... statx(AT_FDCWD, "/home/rmetrich/GIT/strace/autom4te.cache/output.3" [system_u:object_r:user_home_t:s0!!unconfined_u:object_r:user_home_t:s0], ...
~~~
You can view, comment on, or merge this pull request online at:
https://github.com/strace/strace/pull/197
-- Commit Summary --
* Implement displaying of expected context upon mismatch (https://github.com/strace/strace/pull/197/commits/3beab079d08a86827b92cfaf9ade5489523b4995)
-- File Changes --
M m4/st_selinux.m4 (18)
M src/secontext.c (155)
M src/secontext.h (2)
M src/strace.c (17)
M tests/.gitignore (4)
M tests/gen_secontext.sh (12)
M tests/gen_tests.in (34)
M tests/linkat.c (37)
M tests/options-syntax.test (18)
M tests/secontext.c (169)
M tests/secontext.h (28)
-- Patch Links --
https://github.com/strace/strace/pull/197.patch
https://github.com/strace/strace/pull/197.diff
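
The strip-then-compare step described in the message above, as an added example that is not the code from this pull request. It works on plain context strings instead of reading the context database, and `ctx_part` and `format_secontext` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: select the part of a "user:role:type:range" context
 * that gets compared. full != 0 keeps everything; otherwise only the type. */
static const char *ctx_part(const char *ctx, int full, size_t *len)
{
	const char *p = ctx;
	for (int i = 0; !full && i < 2; i++) {
		const char *colon = strchr(p, ':');
		if (!colon) {		/* malformed context: compare it whole */
			full = 1;
			p = ctx;
			break;
		}
		p = colon + 1;		/* skip the user, then the role */
	}
	/* The range may contain colons itself (s0:c1,c2), so the type ends
	 * at the first colon after the role. */
	*len = full ? strlen(p) : strcspn(p, ":");
	return p;
}

/* Hypothetical formatter: "[actual]" on match, "[actual!!expected]" on
 * mismatch. Returns 1 on mismatch, 0 on match, -1 if out is too small. */
int format_secontext(const char *actual, const char *expected, int full,
		     char *out, size_t outsz)
{
	size_t alen, elen;
	const char *a = ctx_part(actual, full, &alen);
	const char *e = ctx_part(expected, full, &elen);
	int mismatch = alen != elen || memcmp(a, e, alen) != 0;
	int n = mismatch
	    ? snprintf(out, outsz, "[%.*s!!%.*s]", (int) alen, a, (int) elen, e)
	    : snprintf(out, outsz, "[%.*s]", (int) alen, a);
	return (n < 0 || (size_t) n >= outsz) ? -1 : mismatch;
}

int main(void)
{
	/* Contexts taken from the ls -Z and matchpathcon output shown above. */
	const char *on_disk = "system_u:object_r:user_home_t:s0";
	const char *expected = "unconfined_u:object_r:user_home_t:s0";
	char buf[128];
	for (int full = 0; full <= 1; full++)
		if (format_secontext(on_disk, expected, full, buf, sizeof buf) >= 0)
			puts(buf);
	return 0;
}
```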