import strace-5.18-2.el8

CentOS Sources 2022-11-08 02:06:12 -05:00 committed by Stepan Oksanichenko
parent 02ddc292d1
commit 63ee62a810
27 changed files with 1864 additions and 8786 deletions

2
.gitignore vendored

@ -1 +1 @@
SOURCES/strace-5.13.tar.xz
SOURCES/strace-5.18.tar.xz


@ -1 +1 @@
0f48c474de7d34009d3455f589efe790d24050b5 SOURCES/strace-5.13.tar.xz
e038ea9fc29366ce6119cde27d8cf16ac554a353 SOURCES/strace-5.18.tar.xz


@ -1,86 +0,0 @@
From bbe5eefaa928449de5994c5288a7c85fae54f716 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Sat, 31 Jul 2021 15:17:41 +0200
Subject: [PATCH] m4/mpers.m4: generate HAVE_*_SELINUX_RUNTIME config defines
While bootstrap has some provisions for mangling HAVE_SELINUX_RUNTIME
into HAVE_{M32,MX32}_SELINUX_RUNTIME, and there is logic for checking
SELinux runtime presence in non-native personalities, the relevant
configuration definition is not ultimately generated, as it has to be
defined explicitly, similarly to HAVE_*_MPERS.
* m4/mpers.m4 (st_MPERS) [$st_cv_selinux_runtime == yes]: AC_DEFINE
HAVE_SELINUX_RUNTIME.
Complements: v5.12~49 "Implement --secontext[=full] option to display SELinux contexts"
---
m4/mpers.m4 | 4 ++++
1 file changed, 4 insertions(+)
Index: strace-5.7/m4/mpers.m4
===================================================================
--- strace-5.7.orig/m4/mpers.m4 2021-08-24 21:08:43.252246052 +0200
+++ strace-5.7/m4/mpers.m4 2021-08-24 21:26:07.436408149 +0200
@@ -179,6 +179,10 @@
popdef([SIZEOF_STRUCT_MSQID64_DS])
fi
fi
+ if test "x$st_cv_selinux_runtime" = xyes; then
+ AC_DEFINE([HAVE_SELINUX_RUNTIME], [1],
+ [Define to enable SELinux security contexts testing for ]mpers_name[ personality])
+ fi
fi
CPPFLAGS="$saved_CPPFLAGS"
CFLAGS="$saved_CFLAGS"
Index: strace-5.7/src/config.h.in
===================================================================
--- strace-5.7.orig/src/config.h.in 2021-08-24 21:08:43.304245612 +0200
+++ strace-5.7/src/config.h.in 2021-08-24 21:26:07.437408141 +0200
@@ -2181,6 +2181,9 @@
/* Define to 1 if you have mpers_name mpers support */
#undef HAVE_M32_MPERS
+/* Define to enable SELinux security contexts testing for m32 personality */
+#undef HAVE_M32_SELINUX_RUNTIME
+
/* Define to 1 if m32 has the type 'struct stat'. */
#undef HAVE_M32_STRUCT_STAT
@@ -2202,6 +2205,9 @@
/* Define to 1 if you have mpers_name mpers support */
#undef HAVE_MX32_MPERS
+/* Define to enable SELinux security contexts testing for mx32 personality */
+#undef HAVE_MX32_SELINUX_RUNTIME
+
/* Define to 1 if mx32 has the type 'struct stat'. */
#undef HAVE_MX32_STRUCT_STAT
Index: strace-5.7/configure
===================================================================
--- strace-5.7.orig/configure 2021-08-24 21:08:43.315245519 +0200
+++ strace-5.7/configure 2021-08-24 21:26:07.439408124 +0200
@@ -19317,6 +19217,11 @@
fi
fi
+ if test "x$st_cv_m32_selinux_runtime" = xyes; then
+
+$as_echo "#define HAVE_M32_SELINUX_RUNTIME 1" >>confdefs.h
+
+ fi
fi
CPPFLAGS="$saved_CPPFLAGS"
CFLAGS="$saved_CFLAGS"
@@ -20001,6 +20006,11 @@
fi
fi
+ if test "x$st_cv_mx32_selinux_runtime" = xyes; then
+
+$as_echo "#define HAVE_MX32_SELINUX_RUNTIME 1" >>confdefs.h
+
+ fi
fi
CPPFLAGS="$saved_CPPFLAGS"
CFLAGS="$saved_CFLAGS"


@ -1,77 +0,0 @@
From a034f8a50cbe15d250457ed2eefbf9db059f724f Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Wed, 18 Aug 2021 21:48:38 +0200
Subject: [PATCH 147/150] filter_qualify: free allocated data on the error path
exit of parse_poke_token
While not terribly required due to the fact that issues with option
parsing lead to program termination, these changes avoid leaking data
allocated in the function's scope and not stored elsewhere, which might
come handy if it ever be used dynamically during the runtime.
This also has been reported as resource leaks by covscan, and these
changes should calm it.
* src/filter_qualify.c (parse_poke_token): Go to err label instead of
returning right away; free poke->data, poke, and str_tokenized before
returning false.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1995509
---
src/filter_qualify.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/filter_qualify.c b/src/filter_qualify.c
index df05496..a1a6471 100644
--- a/src/filter_qualify.c
+++ b/src/filter_qualify.c
@@ -169,34 +169,40 @@ parse_poke_token(const char *input, struct inject_opts *fopts, bool isenter)
poke->is_enter = isenter;
if ((val = STR_STRIP_PREFIX(token, "@arg")) == token)
- return false;
+ goto err;
if ((val[0] >= '1') && (val[0] <= '7')) {
poke->arg_no = val[0] - '0';
} else {
- return false;
+ goto err;
}
if (val[1] != '=')
- return false;
+ goto err;
val += 2;
data_len = strlen(val);
if ((data_len == 0) || (data_len % 2) || (data_len > 2048))
- return false;
+ goto err;
data_len /= 2;
poke->data_len = data_len;
poke->data = xmalloc(data_len);
for (size_t i = 0; i < data_len; i++)
if (sscanf(&val[2 * i], "%2hhx", &poke->data[i]) != 1)
- return false;
+ goto err;
if (poke_add(fopts->data.poke_idx, poke))
- return false;
+ goto err;
}
free(str_tokenized);
fopts->data.flags |= flag;
return true;
+
+err:
+ free(poke->data);
+ free(poke);
+ free(str_tokenized);
+ return false;
}
static bool
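Review bot: The new `err:` block calls `free(poke->data)` on every failure path, including the `goto err` statements that run before `poke->data = xmalloc(data_len);`, so it is only sound if `poke` is zero-initialised when it is allocated. That allocation is outside this hunk and should be confirmed; if the structure is not zeroed, the early exits free an indeterminate pointer. Setting `poke->data = NULL;` next to `poke->is_enter = isenter;` would make the cleanup safe regardless of how `poke` was obtained. parse_poke_token starts above the hunk, so the declaration and allocation of `poke` cannot be checked from here.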
--
2.1.4


@ -1,70 +0,0 @@
From 3f3dd44f1964c54b55e8c84343579bd7c1924df5 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Wed, 18 Aug 2021 21:49:12 +0200
Subject: [PATCH 148/150] macros: expand BIT macros, add MASK macros; add
*_SAFE macros
These macros might make reading a code that often converts between powers
of 2 and values/masks a bit easier; moreover, the *_SAFE versions should
help in cases where the shift values are expected to be equal to the type
bit width (which lead to UB otherwise).
Switching from BIT to BIT32 should also clarify bitness, which may be somewhat
murky at times (cf. printxval, printflags, and printxvals).
* src/macros.h [!BIT] (BIT): Rename to...
[!BIT32] (BIT32): ...this.
[!BIT64] (BIT64): New macro.
[!MASK32] (MASK32): Likewise.
[!MASK64] (MASK64): Likewise.
(BIT32_SAFE, BIT64_SAFE, MASK32_SAFE, MASK64_SAFE): New macros.
(FLAG): Use BIT32.
---
src/macros.h | 30 +++++++++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/macros.h b/src/macros.h
index 467f5d0..2d7a83d 100644
--- a/src/macros.h
+++ b/src/macros.h
@@ -78,10 +78,34 @@ is_filled(const char *ptr, char fill, size_t size)
# define IS_ARRAY_ZERO(arr_) \
is_filled((const char *) (arr_), 0, sizeof(arr_) + MUST_BE_ARRAY(arr_))
-# ifndef BIT
-# define BIT(x_) (1U << (x_))
+# ifndef BIT32
+# define BIT32(x_) (1U << (x_))
# endif
-# define FLAG(name_) name_ = BIT(name_##_BIT)
+# ifndef BIT64
+# define BIT64(x_) (1ULL << (x_))
+# endif
+
+# ifndef MASK32
+# define MASK32(x_) (BIT32(x_) - 1U)
+# endif
+
+# ifndef MASK64
+# define MASK64(x_) (BIT64(x_) - 1ULL)
+# endif
+
+/*
+ * "Safe" versions that avoid UB for values that are >= type bit size
+ * (the usually expected behaviour of the bit shift in that case is zero,
+ * but at least powerpc is notorious for returning the input value when shift
+ * by 64 bits is performed).
+ */
+
+# define BIT32_SAFE(x_) ((x_) < 32 ? BIT32(x_) : 0)
+# define BIT64_SAFE(x_) ((x_) < 64 ? BIT64(x_) : 0)
+# define MASK32_SAFE(x_) (BIT32_SAFE(x_) - 1U)
+# define MASK64_SAFE(x_) (BIT64_SAFE(x_) - 1ULL)
+
+# define FLAG(name_) name_ = BIT32(name_##_BIT)
#endif /* !STRACE_MACROS_H */
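Review bot: The `*_SAFE` macros guard only the upper bound and expand `x_` twice: `BIT32_SAFE(x_)` is `((x_) < 32 ? BIT32(x_) : 0)`, so a negative signed argument still reaches the shift, which is undefined behaviour, and an argument with side effects is evaluated twice. The comment above them should state the precondition, for example `/* x_ must be non-negative and free of side effects; it is evaluated twice. */`. It is also worth recording that `MASK32_SAFE` and `MASK64_SAFE` yield an all-ones mask when the width equals the type size, because that result comes from the unsigned wrap-around of `0 - 1U` and is not obvious at a call site.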
--
2.1.4


@ -1,151 +0,0 @@
From 8ef5456338a947944cc03b95c22c837af5884ddc Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Wed, 18 Aug 2021 21:51:22 +0200
Subject: [PATCH 149/150] trie: use BIT* and MASK* macros
This makes reading the code a bit easier. It also solves some issues
where there is a hypothertical possibility of having bit shifts of size
64, by virtue of using the *_SAFE macros (that should silence some
reported "left shifting by more than 63 bits has undefined behavior"
covscan issues).
* src/trie.c (trie_create): Use BIT32, MASK64.
(trie_create_data_block): Use BIT32, change iterator variable type
to size_t.
(trie_get_node): Use BIT64, MASK64.
(trie_data_block_calc_pos): Use BIT32, MASK64, MASK64_SAFE.
(trie_iterate_keys_node): Use BIT64, MASK64, MASK64_SAFE.
(trie_free_node): Use BIT64.
---
src/trie.c | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/trie.c b/src/trie.c
index 586ff25..0a231e4 100644
--- a/src/trie.c
+++ b/src/trie.c
@@ -15,6 +15,7 @@
#include <stdio.h>
#include "trie.h"
+#include "macros.h"
#include "xmalloc.h"
static const uint8_t ptr_sz_lg = (sizeof(void *) == 8 ? 6 : 5);
@@ -87,7 +88,7 @@ trie_create(uint8_t key_size, uint8_t item_size_lg, uint8_t node_key_bits,
/ t->node_key_bits;
if (item_size_lg != 6)
- t->empty_value &= (((uint64_t) 1 << (1 << t->item_size_lg)) - 1);
+ t->empty_value &= MASK64(BIT32(t->item_size_lg));
return t;
}
@@ -96,8 +97,8 @@ static void *
trie_create_data_block(struct trie *t)
{
uint64_t fill_value = t->empty_value;
- for (int i = 1; i < 1 << (6 - t->item_size_lg); i++) {
- fill_value <<= (1 << t->item_size_lg);
+ for (size_t i = 1; i < BIT32(6 - t->item_size_lg); i++) {
+ fill_value <<= BIT32(t->item_size_lg);
fill_value |= t->empty_value;
}
@@ -105,7 +106,7 @@ trie_create_data_block(struct trie *t)
if (sz < 6)
sz = 6;
- size_t count = 1 << (sz - 6);
+ size_t count = BIT32(sz - 6);
uint64_t *data_block = xcalloc(count, 8);
for (size_t i = 0; i < count; i++)
@@ -119,7 +120,7 @@ trie_get_node(struct trie *t, uint64_t key, bool auto_create)
{
void **cur_node = &(t->data);
- if (t->key_size < 64 && key > (uint64_t) 1 << t->key_size)
+ if (t->key_size < 64 && key > MASK64(t->key_size))
return NULL;
for (uint8_t cur_depth = 0; cur_depth <= t->max_depth; cur_depth++) {
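Review bot: The replacement in the `t->key_size < 64` bound check of trie_get_node changes behaviour, not just spelling: the old test rejected `key > 2^key_size`, while `key > MASK64(t->key_size)` rejects `key > 2^key_size - 1`, so `key == 2^key_size` is now refused. That looks like the intended bound, but the commit message presents the patch only as a readability and covscan cleanup. A short comment such as `/* keys are key_size bits wide: reject anything above 2^key_size - 1 */` would record the intent. The function body continues past this hunk.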
@@ -133,13 +134,13 @@ trie_get_node(struct trie *t, uint64_t key, bool auto_create)
if (cur_depth == t->max_depth)
*cur_node = trie_create_data_block(t);
else
- *cur_node = xcalloc(1 << sz, 1);
+ *cur_node = xcalloc(BIT64(sz), 1);
}
if (cur_depth == t->max_depth)
break;
- size_t pos = (key >> offs) & ((1 << (sz - ptr_sz_lg)) - 1);
+ size_t pos = (key >> offs) & MASK64(sz - ptr_sz_lg);
cur_node = (((void **) (*cur_node)) + pos);
}
@@ -152,7 +153,7 @@ trie_data_block_calc_pos(struct trie *t, uint64_t key,
{
uint64_t key_mask;
- key_mask = (1 << t->data_block_key_bits) - 1;
+ key_mask = MASK64(t->data_block_key_bits);
*pos = (key & key_mask) >> (6 - t->item_size_lg);
if (t->item_size_lg == 6) {
@@ -161,10 +162,10 @@ trie_data_block_calc_pos(struct trie *t, uint64_t key,
return;
}
- key_mask = (1 << (6 - t->item_size_lg)) - 1;
- *offs = (key & key_mask) * (1 << t->item_size_lg);
+ key_mask = MASK64(6 - t->item_size_lg);
+ *offs = (key & key_mask) << t->item_size_lg;
- *mask = (((uint64_t) 1 << (1 << t->item_size_lg)) - 1) << *offs;
+ *mask = MASK64_SAFE(BIT32(t->item_size_lg)) << *offs;
}
bool
@@ -211,7 +212,7 @@ trie_iterate_keys_node(struct trie *t,
return 0;
if (t->key_size < 64) {
- uint64_t key_max = ((uint64_t) 1 << t->key_size) - 1;
+ uint64_t key_max = MASK64(t->key_size);
if (end > key_max)
end = key_max;
}
@@ -228,15 +229,14 @@ trie_iterate_keys_node(struct trie *t,
t->key_size :
trie_get_node_bit_offs(t, depth - 1);
- uint64_t first_key_in_node = start &
- (uint64_t) -1 << parent_node_bit_off;
+ uint64_t first_key_in_node = start & ~MASK64_SAFE(parent_node_bit_off);
uint8_t node_bit_off = trie_get_node_bit_offs(t, depth);
uint8_t node_key_bits = parent_node_bit_off - node_bit_off;
- uint64_t mask = ((uint64_t) 1 << (node_key_bits)) - 1;
+ uint64_t mask = MASK64_SAFE(node_key_bits);
uint64_t start_index = (start >> node_bit_off) & mask;
uint64_t end_index = (end >> node_bit_off) & mask;
- uint64_t child_key_count = (uint64_t) 1 << node_bit_off;
+ uint64_t child_key_count = BIT64(node_bit_off);
uint64_t count = 0;
@@ -274,7 +274,7 @@ trie_free_node(struct trie *t, void *node, uint8_t depth)
if (depth >= t->max_depth)
goto free_node;
- size_t sz = 1 << (trie_get_node_size(t, depth) - ptr_sz_lg);
+ size_t sz = BIT64(trie_get_node_size(t, depth) - ptr_sz_lg);
for (size_t i = 0; i < sz; i++)
trie_free_node(t, ((void **) node)[i], depth + 1);
--
2.1.4


@ -1,52 +0,0 @@
From 3a68f90c2a5a208b475cc2014f85ae04541ec5b6 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Fri, 20 Aug 2021 21:31:01 +0200
Subject: [PATCH 150/150] tee: rewrite num_params access in tee_fetch_buf_data
Pointer to num_params field of the fetched structure is passed in a
separate function argument which provokes covscan complaints about
uninitialised accesses and also tingles my aliasing rules senses.
Rewrite to access it via the arg_struct argument which is fetched
earlier in the function flow.
* src/tee.c (TEE_FETCH_BUF_DATA): Change &arg_.num_params
to offsetof(typeof(arg_), num_params).
(tee_fetch_buf_data): Accept offset of the num_params field instead
of pointer to it; reconstruct the num_params pointer using it.
---
src/tee.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/tee.c b/src/tee.c
index f9eda52..d7e9b15 100644
--- a/src/tee.c
+++ b/src/tee.c
@@ -33,7 +33,7 @@ struct tee_ioctl_shm_register_fd_data {
#define TEE_FETCH_BUF_DATA(buf_, arg_, params_) \
tee_fetch_buf_data(tcp, arg, &buf_, sizeof(arg_), \
- &arg_, &arg_.num_params, \
+ &arg_, offsetof(typeof(arg_), num_params), \
params_)
/* session id is printed as 0x%x in libteec */
@@ -56,7 +56,7 @@ tee_fetch_buf_data(struct tcb *const tcp,
struct tee_ioctl_buf_data *buf,
size_t arg_size,
void *arg_struct,
- unsigned *num_params,
+ size_t num_params_offs,
uint64_t *params)
{
if (umove_or_printaddr(tcp, arg, buf))
@@ -69,6 +69,7 @@ tee_fetch_buf_data(struct tcb *const tcp,
tee_print_buf(buf);
return RVAL_IOCTL_DECODED;
}
+ uint32_t *num_params = (uint32_t *) (arg_struct + num_params_offs);
if (entering(tcp) &&
(arg_size + TEE_IOCTL_PARAM_SIZE(*num_params) != buf->buf_len)) {
/*
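Review bot: `(uint32_t *) (arg_struct + num_params_offs)` does pointer arithmetic on a `void *`, which is a GNU extension rather than standard C, and nothing in the visible lines ties `num_params_offs` to `arg_size`. Casting first keeps the expression portable: `uint32_t *num_params = (uint32_t *) ((char *) arg_struct + num_params_offs);`. The pointee type also changed from `unsigned` to `uint32_t` in this patch, so `TEE_FETCH_BUF_DATA` now assumes every `num_params` field is 32 bits wide; a comment on the macro saying so would help. tee_fetch_buf_data begins and ends outside this hunk.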
--
2.1.4


@ -1,55 +0,0 @@
From e27b06773eaf5c0307bcc5637d7457be9be1e6ea Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Wed, 1 Dec 2021 17:11:02 +0100
Subject: [PATCH] print_ifindex: fix IFNAME_QUOTED_SZ definition
sizeof(IFNAMSIZ) instead of IFNAMSIZ was mistakenly used
for IFNAME_QUOTED_SZ initial definition in commit v4.23~87
"print_ifindex: respect xlat style settings".
* src/print_ifindex.c (IFNAME_QUOTED_SZ): Use IFNAMSIZ
instead of sizeof(IFNAMSIZ).
* NEWS: Mention it.
Reported-by: Paulo Andrade <pandrade@redhat.com>
Suggested-by: Paulo Andrade <pandrade@redhat.com>
Fixes: v4.23~87 "print_ifindex: respect xlat style settings"
References: https://bugzilla.redhat.com/show_bug.cgi?id=2028146
---
NEWS | 4 ++++
src/print_ifindex.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 9bab673..a3036b8 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,12 @@ Noteworthy changes in release ?.?? (????-??-??)
PTRACE_*, RTM_*, RTPROT_*, TRAP_*, UFFD_*, UFFDIO_*, and V4L2_* constants.
* Updated lists of ioctl commands from Linux 5.13.
+ * Bug fixes
+ * Fixed insufficient buffer size used for network interface name printing,
+ that previously led to assertions on attempts of printing interface names
+ that require quoting, for example, names longer than 4 characters in -xx
+ mode (addresses RHBZ bug #2028146).
+
* Portability
* On powerpc and powerpc64, linux kernel >= 2.6.23 is required.
Older versions without a decent PTRACE_GETREGS support will not work.
diff --git a/src/print_ifindex.c b/src/print_ifindex.c
index ec48093..dc9d592 100644
--- a/src/print_ifindex.c
+++ b/src/print_ifindex.c
@@ -13,7 +13,7 @@
# define INI_PFX "if_nametoindex(\""
# define INI_SFX "\")"
-# define IFNAME_QUOTED_SZ (sizeof(IFNAMSIZ) * 4 + 3)
+# define IFNAME_QUOTED_SZ (IFNAMSIZ * 4 + 3)
const char *
get_ifname(const unsigned int ifindex)
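Review bot: `IFNAME_QUOTED_SZ` is still built from two unexplained constants, which makes a slip like the `sizeof(IFNAMSIZ)` one fixed here hard to spot in review. A comment on the define, for instance `/* worst case: each name byte printed as a 4-character escape, plus quotes and NUL */`, would document the sizing. The meaning of `4` and `3` is inferred from the NEWS entry in this patch and should be confirmed against the quoting code. The buffer that uses this size is declared outside the hunk.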
--
2.1.4


@ -1,208 +0,0 @@
From b8f375c2c8140e759122bca3e3469386d3ba5184 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Mon, 29 Nov 2021 08:00:00 +0000
Subject: [PATCH 168/174] m4: fix st_SELINUX check
* m4/st_selinux.m4: Make sure selinux support is enabled only if
all expected functions are provided by libselinux.
Fixes: v5.12~49 "Implement --secontext[=full] option to display SELinux contexts"
---
m4/st_selinux.m4 | 36 ++++++++++++++++--------------------
1 file changed, 16 insertions(+), 20 deletions(-)
diff --git a/m4/st_selinux.m4 b/m4/st_selinux.m4
index da72a48..7b24eba 100644
--- a/m4/st_selinux.m4
+++ b/m4/st_selinux.m4
@@ -34,29 +34,25 @@ AS_IF([test "x$with_libselinux" != xno],
AS_IF([test "x$found_selinux_h" = xyes],
[saved_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $libselinux_LDFLAGS"
- AC_CHECK_LIB([selinux],[getpidcon],
- [libselinux_LIBS="-lselinux"
- enable_secontext=yes
- ],
- [if test "x$with_libselinux" != xcheck; then
- AC_MSG_FAILURE([failed to find getpidcon in libselinux])
- fi
- ]
- )
- AC_CHECK_LIB([selinux],[getfilecon],
- [libselinux_LIBS="-lselinux"
- enable_secontext=yes
- ],
- [if test "x$with_libselinux" != xcheck; then
- AC_MSG_FAILURE([failed to find getfilecon in libselinux])
- fi
- ]
+ missing=
+ for func in getpidcon getfilecon; do
+ AC_CHECK_LIB([selinux], [$func], [:],
+ [missing="$missing $func"])
+ done
+ AS_IF([test "x$missing" = x],
+ [libselinux_LIBS="-lselinux"
+ enable_secontext=yes
+ ],
+ [AS_IF([test "x$with_libselinux" != xcheck],
+ [AC_MSG_FAILURE([failed to find in libselinux:$missing])]
+ )
+ ]
)
LDFLAGS="$saved_LDFLAGS"
],
- [if test "x$with_libselinux" != xcheck; then
- AC_MSG_FAILURE([failed to find selinux.h])
- fi
+ [AS_IF([test "x$with_libselinux" != xcheck],
+ [AC_MSG_FAILURE([failed to find selinux.h])]
+ )
]
)
]
--- old/configure 2022-02-07 20:17:58.364068436 +0100
+++ new/configure 2022-02-07 20:19:17.092067347 +0100
@@ -18437,9 +18437,12 @@
if test "x$found_selinux_h" = xyes; then :
saved_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $libselinux_LDFLAGS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpidcon in -lselinux" >&5
-$as_echo_n "checking for getpidcon in -lselinux... " >&6; }
-if ${ac_cv_lib_selinux_getpidcon+:} false; then :
+ missing=
+ for func in getpidcon getfilecon; do
+ as_ac_Lib=`$as_echo "ac_cv_lib_selinux_$func" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $func in -lselinux" >&5
+$as_echo_n "checking for $func in -lselinux... " >&6; }
+if eval \${$as_ac_Lib+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -18453,101 +18456,59 @@
#ifdef __cplusplus
extern "C"
#endif
-char getpidcon ();
+char $func ();
int
main ()
{
-return getpidcon ();
+return $func ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_selinux_getpidcon=yes
+ eval "$as_ac_Lib=yes"
else
- ac_cv_lib_selinux_getpidcon=no
+ eval "$as_ac_Lib=no"
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_getpidcon" >&5
-$as_echo "$ac_cv_lib_selinux_getpidcon" >&6; }
-if test "x$ac_cv_lib_selinux_getpidcon" = xyes; then :
- libselinux_LIBS="-lselinux"
- enable_secontext=yes
-
+eval ac_res=\$$as_ac_Lib
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
+ :
else
- if test "x$with_libselinux" != xcheck; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to find getpidcon in libselinux
-See \`config.log' for more details" "$LINENO" 5; }
- fi
-
-
+ missing="$missing $func"
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getfilecon in -lselinux" >&5
-$as_echo_n "checking for getfilecon in -lselinux... " >&6; }
-if ${ac_cv_lib_selinux_getfilecon+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lselinux $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getfilecon ();
-int
-main ()
-{
-return getfilecon ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_selinux_getfilecon=yes
-else
- ac_cv_lib_selinux_getfilecon=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_getfilecon" >&5
-$as_echo "$ac_cv_lib_selinux_getfilecon" >&6; }
-if test "x$ac_cv_lib_selinux_getfilecon" = xyes; then :
+ done
+ if test "x$missing" = x; then :
libselinux_LIBS="-lselinux"
- enable_secontext=yes
+ enable_secontext=yes
else
- if test "x$with_libselinux" != xcheck; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+ if test "x$with_libselinux" != xcheck; then :
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to find getfilecon in libselinux
+as_fn_error $? "failed to find in libselinux:$missing
See \`config.log' for more details" "$LINENO" 5; }
- fi
-
fi
+
+fi
LDFLAGS="$saved_LDFLAGS"
else
- if test "x$with_libselinux" != xcheck; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+ if test "x$with_libselinux" != xcheck; then :
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "failed to find selinux.h
See \`config.log' for more details" "$LINENO" 5; }
- fi
+
+fi
fi
--
2.1.4


@ -1,122 +0,0 @@
From f5fd689e40322a7b08a97eb2d26f192610728230 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 16:10:28 +0100
Subject: [PATCH 170/174] tests/linkat: reset errno before SELinux context
manipulation
To avoid printing a stale error information in case of mismatch check
failure.
* tests/linkat.c: Include <errno.h>.
(main): Add "errno = 0" before update_secontext_field calls.
---
tests/linkat.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tests/linkat.c b/tests/linkat.c
index 1a869e3..c3e2ee4 100644
--- a/tests/linkat.c
+++ b/tests/linkat.c
@@ -10,6 +10,7 @@
#include "tests.h"
#include "scno.h"
+#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@@ -91,6 +92,7 @@ main(void)
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
@@ -112,6 +114,7 @@ main(void)
free(sample_1_secontext);
#endif
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -142,6 +145,7 @@ main(void)
int dfd_old = get_dir_fd(".");
char *cwd = get_fd_path(dfd_old);
+ errno = 0;
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
--- a/tests-m32/linkat.c
+++ b/tests-m32/linkat.c
@@ -10,6 +10,7 @@
#include "tests.h"
#include "scno.h"
+#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@@ -91,6 +92,7 @@ main(void)
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
@@ -112,6 +114,7 @@ main(void)
free(sample_1_secontext);
#endif
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -142,6 +145,7 @@ main(void)
int dfd_old = get_dir_fd(".");
char *cwd = get_fd_path(dfd_old);
+ errno = 0;
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
--- a/tests-mx32/linkat.c
+++ b/tests-mx32/linkat.c
@@ -10,6 +10,7 @@
#include "tests.h"
#include "scno.h"
+#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@@ -91,6 +92,7 @@ main(void)
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
@@ -112,6 +114,7 @@ main(void)
free(sample_1_secontext);
#endif
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -142,6 +145,7 @@ main(void)
int dfd_old = get_dir_fd(".");
char *cwd = get_fd_path(dfd_old);
+ errno = 0;
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
--
2.1.4


@ -1,356 +0,0 @@
From 4951286eb634c00c11883b851c91f3a21975eabd Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:03:57 +0100
Subject: [PATCH 171/174] tests/secontext: add secontext field getters
* tests/secontext.h (get_secontext_field, get_secontext_field_file): New
declarations.
* tests/secontext.c (get_type_from_context): Rename to...
(get_secontext_field): ...this; remove "static" qualifier; add "field"
argument, use it.
(raw_expected_secontext_short_file, raw_secontext_short_pid): Replace
get_type_from_context call with get_secontext_field.
(get_secontext_field_file): New function.
(raw_secontext_short_file): Replace body with get_secontext_field_file
call.
---
tests/secontext.c | 27 +++++++++++++++------------
tests/secontext.h | 20 ++++++++++++++++++++
2 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/tests/secontext.c b/tests/secontext.c
index 848eea9..52211ed 100644
--- a/tests/secontext.c
+++ b/tests/secontext.c
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
return context;
}
-static char *
-get_type_from_context(const char *full_context)
+char *
+get_secontext_field(const char *full_context, enum secontext_field field)
{
int saved_errno = errno;
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
char *context = NULL;
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
token; token = strtok_r(NULL, ":", &saveptr), i++) {
- if (i == 2) {
+ if (i == field) {
context = xstrdup(token);
break;
}
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
int saved_errno = errno;
char *ctx = raw_expected_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
return full_secontext;
}
-static char *
-raw_secontext_short_file(const char *filename)
+char *
+get_secontext_field_file(const char *file, enum secontext_field field)
{
- int saved_errno = errno;
-
- char *ctx = raw_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *ctx = raw_secontext_full_file(file);
+ char *type = get_secontext_field(ctx, field);
free(ctx);
- errno = saved_errno;
return type;
}
static char *
+raw_secontext_short_file(const char *filename)
+{
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
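Review bot: `get_secontext_field_file` no longer saves and restores `errno`, although the function body it replaces did, and the neighbouring `raw_expected_secontext_short_file` and `raw_secontext_short_pid` still do. `free(ctx)` runs after the two helper calls and may modify `errno` on some C libraries, so `raw_secontext_short_file`, which now only forwards to this function, can return with a changed `errno` to tests that print it. Keeping `int saved_errno = errno;` at the top and `errno = saved_errno;` before `return type;` would preserve the previous contract. The same hunk is repeated in the tests-m32 and tests-mx32 copies of secontext.c.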
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
int saved_errno = errno;
char *ctx = raw_secontext_full_pid(pid);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
diff --git a/tests/secontext.h b/tests/secontext.h
index 1d0251a..e5571d5 100644
--- a/tests/secontext.h
+++ b/tests/secontext.h
@@ -23,6 +23,15 @@ enum secontext_field {
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
+/**
+ * Parse a SELinux context string and return a specified field, duplicated
+ * in a separate string. The caller is responsible for freeing the memory
+ * pointed by the returned value.
+ */
+char *get_secontext_field(const char *full_context, enum secontext_field field);
+
+char *get_secontext_field_file(const char *file, enum secontext_field field);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
#else
+static inline char *
+get_secontext_field(const char *ctx, enum secontext_field field)
+{
+ return NULL;
+}
+static inline char *
+get_secontext_field_file(const char *file, enum secontext_field field)
+{
+ return NULL;
+}
+
static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
index 848eea9..52211ed 100644
--- a/tests-m32/secontext.c
+++ b/tests-m32/secontext.c
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
return context;
}
-static char *
-get_type_from_context(const char *full_context)
+char *
+get_secontext_field(const char *full_context, enum secontext_field field)
{
int saved_errno = errno;
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
char *context = NULL;
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
token; token = strtok_r(NULL, ":", &saveptr), i++) {
- if (i == 2) {
+ if (i == field) {
context = xstrdup(token);
break;
}
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
int saved_errno = errno;
char *ctx = raw_expected_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
return full_secontext;
}
-static char *
-raw_secontext_short_file(const char *filename)
+char *
+get_secontext_field_file(const char *file, enum secontext_field field)
{
- int saved_errno = errno;
-
- char *ctx = raw_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *ctx = raw_secontext_full_file(file);
+ char *type = get_secontext_field(ctx, field);
free(ctx);
- errno = saved_errno;
return type;
}
static char *
+raw_secontext_short_file(const char *filename)
+{
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
int saved_errno = errno;
char *ctx = raw_secontext_full_pid(pid);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
diff --git a/tests-m32/secontext.h b/tests-m32/secontext.h
index 1d0251a..e5571d5 100644
--- a/tests-m32/secontext.h
+++ b/tests-m32/secontext.h
@@ -23,6 +23,15 @@ enum secontext_field {
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
+/**
+ * Parse a SELinux context string and return a specified field, duplicated
+ * in a separate string. The caller is responsible for freeing the memory
+ * pointed by the returned value.
+ */
+char *get_secontext_field(const char *full_context, enum secontext_field field);
+
+char *get_secontext_field_file(const char *file, enum secontext_field field);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
#else
+static inline char *
+get_secontext_field(const char *ctx, enum secontext_field field)
+{
+ return NULL;
+}
+static inline char *
+get_secontext_field_file(const char *file, enum secontext_field field)
+{
+ return NULL;
+}
+
static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
index 848eea9..52211ed 100644
--- a/tests-mx32/secontext.c
+++ b/tests-mx32/secontext.c
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
return context;
}
-static char *
-get_type_from_context(const char *full_context)
+char *
+get_secontext_field(const char *full_context, enum secontext_field field)
{
int saved_errno = errno;
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
char *context = NULL;
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
token; token = strtok_r(NULL, ":", &saveptr), i++) {
- if (i == 2) {
+ if (i == field) {
context = xstrdup(token);
break;
}
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
int saved_errno = errno;
char *ctx = raw_expected_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
return full_secontext;
}
-static char *
-raw_secontext_short_file(const char *filename)
+char *
+get_secontext_field_file(const char *file, enum secontext_field field)
{
- int saved_errno = errno;
-
- char *ctx = raw_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *ctx = raw_secontext_full_file(file);
+ char *type = get_secontext_field(ctx, field);
free(ctx);
- errno = saved_errno;
return type;
}
static char *
+raw_secontext_short_file(const char *filename)
+{
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
int saved_errno = errno;
char *ctx = raw_secontext_full_pid(pid);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
diff --git a/tests-mx32/secontext.h b/tests-mx32/secontext.h
index 1d0251a..e5571d5 100644
--- a/tests-mx32/secontext.h
+++ b/tests-mx32/secontext.h
@@ -23,6 +23,15 @@ enum secontext_field {
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
+/**
+ * Parse a SELinux context string and return a specified field, duplicated
+ * in a separate string. The caller is responsible for freeing the memory
+ * pointed by the returned value.
+ */
+char *get_secontext_field(const char *full_context, enum secontext_field field);
+
+char *get_secontext_field_file(const char *file, enum secontext_field field);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
#else
+static inline char *
+get_secontext_field(const char *ctx, enum secontext_field field)
+{
+ return NULL;
+}
+static inline char *
+get_secontext_field_file(const char *file, enum secontext_field field)
+{
+ return NULL;
+}
+
static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
--
2.1.4


@ -1,181 +0,0 @@
From 97e2742a7f1e6e113354911d04505ada3bfb5d70 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:04:42 +0100
Subject: [PATCH 172/174] tests/linkat: provide fallback values for secontext
fields changes
* tests/linkat.c (mangle_secontext_field): New function.
(main): Replace calls to update_secontext_field
with mangle_secontext_field calls.
---
tests/linkat.c | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/tests/linkat.c b/tests/linkat.c
index c3e2ee4..decb736 100644
--- a/tests/linkat.c
+++ b/tests/linkat.c
@@ -21,6 +21,20 @@
#include "secontext.h"
#include "xmalloc.h"
+static void
+mangle_secontext_field(const char *path, enum secontext_field field,
+ const char *new_val, const char *fallback_val)
+{
+ char *orig = get_secontext_field_file(path, field);
+ if (!orig)
+ return;
+
+ update_secontext_field(path, field,
+ strcmp(new_val, orig) ? new_val : fallback_val);
+
+ free(orig);
+}
+
int
main(void)
{
@@ -93,7 +107,8 @@ main(void)
#ifdef PRINT_SECONTEXT_MISMATCH
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
+ "unconfined_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
# ifdef PRINT_SECONTEXT_FULL
@@ -115,7 +130,8 @@ main(void)
#endif
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -146,7 +162,8 @@ main(void)
char *cwd = get_fd_path(dfd_old);
errno = 0;
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-m32/linkat.c b/tests-m32/linkat.c
index c3e2ee4..decb736 100644
--- a/tests-m32/linkat.c
+++ b/tests-m32/linkat.c
@@ -21,6 +21,20 @@
#include "secontext.h"
#include "xmalloc.h"
+static void
+mangle_secontext_field(const char *path, enum secontext_field field,
+ const char *new_val, const char *fallback_val)
+{
+ char *orig = get_secontext_field_file(path, field);
+ if (!orig)
+ return;
+
+ update_secontext_field(path, field,
+ strcmp(new_val, orig) ? new_val : fallback_val);
+
+ free(orig);
+}
+
int
main(void)
{
@@ -93,7 +107,8 @@ main(void)
#ifdef PRINT_SECONTEXT_MISMATCH
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
+ "unconfined_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
# ifdef PRINT_SECONTEXT_FULL
@@ -115,7 +130,8 @@ main(void)
#endif
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -146,7 +162,8 @@ main(void)
char *cwd = get_fd_path(dfd_old);
errno = 0;
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-mx32/linkat.c b/tests-mx32/linkat.c
index c3e2ee4..decb736 100644
--- a/tests-mx32/linkat.c
+++ b/tests-mx32/linkat.c
@@ -21,6 +21,20 @@
#include "secontext.h"
#include "xmalloc.h"
+static void
+mangle_secontext_field(const char *path, enum secontext_field field,
+ const char *new_val, const char *fallback_val)
+{
+ char *orig = get_secontext_field_file(path, field);
+ if (!orig)
+ return;
+
+ update_secontext_field(path, field,
+ strcmp(new_val, orig) ? new_val : fallback_val);
+
+ free(orig);
+}
+
int
main(void)
{
@@ -93,7 +107,8 @@ main(void)
#ifdef PRINT_SECONTEXT_MISMATCH
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
+ "unconfined_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
# ifdef PRINT_SECONTEXT_FULL
@@ -115,7 +130,8 @@ main(void)
#endif
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -146,7 +162,8 @@ main(void)
char *cwd = get_fd_path(dfd_old);
errno = 0;
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
#ifdef PRINT_SECONTEXT_MISMATCH
--
2.1.4


@ -1,63 +0,0 @@
From 6e8aa3749cb7e11e9a59db996f79f036bf7ef263 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:05:19 +0100
Subject: [PATCH 173/174] tests/secontext: eliminate separate secontext_format
declaration
* tests/secontext.c (secontext_format): Remove declaration, supply
the attributes to the definition.
---
tests/secontext.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/tests/secontext.c b/tests/secontext.c
index 52211ed..ba271c8 100644
--- a/tests/secontext.c
+++ b/tests/secontext.c
@@ -23,10 +23,7 @@
# define TEST_SECONTEXT
# include "secontext.h"
-static char *
-secontext_format(char *context, const char *fmt)
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
-
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
static char *
secontext_format(char *context, const char *fmt)
{
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
index 52211ed..ba271c8 100644
--- a/tests-m32/secontext.c
+++ b/tests-m32/secontext.c
@@ -23,10 +23,7 @@
# define TEST_SECONTEXT
# include "secontext.h"
-static char *
-secontext_format(char *context, const char *fmt)
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
-
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
static char *
secontext_format(char *context, const char *fmt)
{
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
index 52211ed..ba271c8 100644
--- a/tests-mx32/secontext.c
+++ b/tests-mx32/secontext.c
@@ -23,10 +23,7 @@
# define TEST_SECONTEXT
# include "secontext.h"
-static char *
-secontext_format(char *context, const char *fmt)
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
-
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
static char *
secontext_format(char *context, const char *fmt)
{
--
2.1.4


@ -1,190 +0,0 @@
From 78a81bcfb71ef3d9f6e8b1a32e123fbbc6112a60 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:24:34 +0100
Subject: [PATCH 174/174] tests/linkat: reset context to the expected one if a
mismatch has been detected
* tests/secontext.h (reset_secontext_file): New declaration.
* tests/secontext.c (reset_secontext_file): New function.
* tests/linkat.c (main): Check that there is no initial mismatch
in the sample_1 context, reset it otherwise.
---
tests/linkat.c | 3 +++
tests/secontext.c | 7 +++++++
tests/secontext.h | 7 +++++++
3 files changed, 17 insertions(+)
diff --git a/tests/linkat.c b/tests/linkat.c
index decb736..781b85a 100644
--- a/tests/linkat.c
+++ b/tests/linkat.c
@@ -103,6 +103,9 @@ main(void)
if (close(fd_sample_2))
perror_msg_and_fail("close");
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
+ reset_secontext_file(sample_1);
+
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests/secontext.c b/tests/secontext.c
index ba271c8..94fadd4 100644
--- a/tests/secontext.c
+++ b/tests/secontext.c
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
}
+void reset_secontext_file(const char *file)
+{
+ char *proper_ctx = raw_expected_secontext_full_file(file);
+ (void) setfilecon(file, proper_ctx);
+ free(proper_ctx);
+}
+
void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests/secontext.h b/tests/secontext.h
index e5571d5..387263e 100644
--- a/tests/secontext.h
+++ b/tests/secontext.h
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
+void reset_secontext_file(const char *file);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
}
static inline void
+reset_secontext_file(const char *file)
+{
+}
+
+static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
{
diff --git a/tests-m32/linkat.c b/tests-m32/linkat.c
index decb736..781b85a 100644
--- a/tests-m32/linkat.c
+++ b/tests-m32/linkat.c
@@ -103,6 +103,9 @@ main(void)
if (close(fd_sample_2))
perror_msg_and_fail("close");
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
+ reset_secontext_file(sample_1);
+
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
index ba271c8..94fadd4 100644
--- a/tests-m32/secontext.c
+++ b/tests-m32/secontext.c
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
}
+void reset_secontext_file(const char *file)
+{
+ char *proper_ctx = raw_expected_secontext_full_file(file);
+ (void) setfilecon(file, proper_ctx);
+ free(proper_ctx);
+}
+
void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-m32/secontext.h b/tests-m32/secontext.h
index e5571d5..387263e 100644
--- a/tests-m32/secontext.h
+++ b/tests-m32/secontext.h
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
+void reset_secontext_file(const char *file);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
}
static inline void
+reset_secontext_file(const char *file)
+{
+}
+
+static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
{
diff --git a/tests-mx32/linkat.c b/tests-mx32/linkat.c
index decb736..781b85a 100644
--- a/tests-mx32/linkat.c
+++ b/tests-mx32/linkat.c
@@ -103,6 +103,9 @@ main(void)
if (close(fd_sample_2))
perror_msg_and_fail("close");
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
+ reset_secontext_file(sample_1);
+
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
index ba271c8..94fadd4 100644
--- a/tests-mx32/secontext.c
+++ b/tests-mx32/secontext.c
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
}
+void reset_secontext_file(const char *file)
+{
+ char *proper_ctx = raw_expected_secontext_full_file(file);
+ (void) setfilecon(file, proper_ctx);
+ free(proper_ctx);
+}
+
void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-mx32/secontext.h b/tests-mx32/secontext.h
index e5571d5..387263e 100644
--- a/tests-mx32/secontext.h
+++ b/tests-mx32/secontext.h
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
+void reset_secontext_file(const char *file);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
}
static inline void
+reset_secontext_file(const char *file)
+{
+}
+
+static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
{
--
2.1.4


@ -0,0 +1,58 @@
From 2bf069698a384ff2bc62d2a10544d49d766b4d7f Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Mon, 27 Jun 2022 18:00:17 +0200
Subject: [PATCH] src/xlat: remove remnants of unnecessary idx usage in xlookup
As there is no idx saving between calls anymore, there's no need to use
(and update) idx in the XT_SORTED case. Reported by clang as a dead store:
Error: CLANG_WARNING:
strace-5.18/src/xlat.c:84:4: warning[deadcode.DeadStores]: Value stored to 'idx' is never read
* src/xlat.c (xlookup): Remove idx declaration; declare idx inside
of the for loop in the XT_NORMAL case; do not offset x->data and x->size
by offs in the XT_SORTED case and do not update idx upon successful
lookup.
Complements: v5.15~164 "xlat: no longer interpret NULL xlat as continuation"
---
src/xlat.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
Index: strace-5.18/src/xlat.c
===================================================================
--- strace-5.18.orig/src/xlat.c 2022-07-12 17:11:52.660927011 +0200
+++ strace-5.18/src/xlat.c 2022-07-12 17:16:18.116794139 +0200
@@ -61,7 +61,6 @@
const char *
xlookup(const struct xlat *x, const uint64_t val)
{
- size_t idx = 0;
const struct xlat_data *e;
if (!x || !x->data)
@@ -69,21 +68,18 @@
switch (x->type) {
case XT_NORMAL:
- for (; idx < x->size; idx++)
+ for (size_t idx = 0; idx < x->size; idx++)
if (x->data[idx].val == val)
return x->data[idx].str;
break;
case XT_SORTED:
e = bsearch((const void *) &val,
- x->data + idx,
- x->size - idx,
+ x->data, x->size,
sizeof(x->data[0]),
xlat_bsearch_compare);
- if (e) {
- idx = e - x->data;
+ if (e)
return e->str;
- }
break;
case XT_INDEXED:


@ -0,0 +1,56 @@
From e604d7bfd18cf5f29e6723091cc1db2945c918c9 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 28 Jun 2022 16:46:53 +0200
Subject: [PATCH] strauss: tips whitespace and phrasing cleanups
* src/strauss.c (tips_tricks_tweaks): Fix some whitespace and phrasing
issues.
---
src/strauss.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
Index: strace-5.18/src/strauss.c
===================================================================
--- strace-5.18.orig/src/strauss.c 2022-07-12 17:17:08.712197019 +0200
+++ strace-5.18/src/strauss.c 2022-07-12 17:17:20.685055717 +0200
@@ -128,8 +128,8 @@
{ "strace is about as old as the Linux kernel.",
"It has been originally written for SunOS",
"by Paul Kranenburg in 1991. The support",
- "for all OSes except Linux has been dropped",
- "since 2012, though, in strace 4.7." },
+ "for all OSes except Linux was dropped"
+ "in 2012, though, in strace 4.7." },
{ "strace is able to decode netlink messages.",
"It does so automatically for I/O performed",
"on netlink sockets. Try it yourself:", "",
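Review bot: Several rewritten tip lines lose the comma after the closing quote, so the compiler concatenates adjacent string literals instead of treating them as separate lines of the tip. In this hunk `"for all OSes except Linux was dropped"` runs straight into `"in 2012, though, in strace 4.7."`, producing `droppedin 2012`; the hunk at -285,8 does it twice, producing `%desc,%file` and `%process,and %signal.` on one over-long line. Each of those literals should end with `",` like the surrounding entries, e.g. `"for all OSes except Linux was dropped",`. The tips_tricks_tweaks initializer starts and ends outside these hunks, so how a merged line affects the box width is not visible here.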
@@ -187,7 +187,7 @@
"want to try --seccomp-bpf option, maybe you",
"will feel better." },
{ "-v is a shorthand for -e abbrev=none and not",
- " for -e verbose=all. It is idiosyncratic,",
+ "for -e verbose=all. It is idiosyncratic,",
"but it is the historic behaviour." },
{ "strace uses netlink for printing",
"protocol-specific information about socket",
@@ -254,7 +254,7 @@
"by invoking it with the following options:", "",
" strace -DDDqqq -enone --signal=none" },
{ "Historically, supplying -o option to strace",
- "led to silencing of messages about tracee",
+ "leads to silencing of messages about tracee",
"attach/detach and personality changes.",
"It can be now overridden with --quiet=none",
"option." },
@@ -285,8 +285,9 @@
"will trace all syscalls related to accessing",
"and modifying process's user/group IDs",
"and capability sets. Other pre-defined",
- "syscall classes include %clock, %desc,%file,",
- "%ipc,%memory, %net,%process, and %signal." },
+ "syscall classes include %clock, %desc,"
+ "%file, %ipc, %memory, %net, %process,"
+ "and %signal." },
{ "Trying to figure out communication between",
"tracees inside a different PID namespace",
"(in so-called \"containers\", for example)?",


@ -0,0 +1,48 @@
From 968789d5426442ac43b96eabd65f3e5c0c141e62 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 28 Jun 2022 16:47:56 +0200
Subject: [PATCH] strauss: fix off-by-one error in strauss array access
It has to be limited with strauss_lines - 1, not strauss_lines.
Reported by covscan:
Error: OVERRUN (CWE-119):
strace-5.18/src/strauss.c:380: cond_at_least: Checking "4UL + i < 37UL"
implies that "i" is at least 33 on the false branch.
strace-5.18/src/strauss.c:380: overrun-local: Overrunning array "strauss"
of 37 8-byte elements at element index 37 (byte offset 303) using index
"(4UL + i < 37UL) ? 4UL + i : 37UL" (which evaluates to 37).
* src/strauss.c (print_totd): Limit strauss array accesses to
strauss_lines - 1 instead of strauss_lines.
---
src/strauss.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/strauss.c b/src/strauss.c
index 98af183..b22ab6a 100644
--- a/src/strauss.c
+++ b/src/strauss.c
@@ -373,16 +373,16 @@ print_totd(void)
tip_left[MIN(i + 1, ARRAY_SIZE(tip_left) - 1)],
w, w, tips_tricks_tweaks[id][i] ?: "",
tip_right[MIN(i + 1, ARRAY_SIZE(tip_right) - 1)],
- strauss[MIN(3 + i, strauss_lines)]);
+ strauss[MIN(3 + i, strauss_lines - 1)]);
}
fprintf(stderr, "%s%s\n",
- tip_bottom, strauss[MIN(3 + i, strauss_lines)]);
+ tip_bottom, strauss[MIN(3 + i, strauss_lines - 1)]);
do {
fprintf(stderr, "%*s%*s%*s%s\n",
(int) strlen(tip_left[0]), "",
w, "",
(int) strlen(tip_right[0]), "",
- strauss[MIN(4 + i, strauss_lines)]);
+ strauss[MIN(4 + i, strauss_lines - 1)]);
} while ((show_tips == TIPS_FULL) && (4 + ++i < strauss_lines));
printed = true;
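Review bot: The corrected clamp `MIN(... , strauss_lines - 1)` is now written out three times in print_totd, which is how the original off-by-one ended up in three places. A single helper such as `static const char *strauss_line(size_t idx) { return strauss[MIN(idx, strauss_lines - 1)]; }` would keep the bound in one spot. The type of strauss_lines is not shown in the hunk; if it is unsigned, the `- 1` relies on the array never being empty, which would be worth a one-line comment. print_totd's body starts and continues outside the hunk.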
--
2.1.4


@ -0,0 +1,62 @@
From 6d3e97e83a7d61cbb2f5109efb4b519383a55712 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 28 Jun 2022 16:55:49 +0200
Subject: [PATCH] util: add offs sanity check to print_clock_t
While it is not strictly needed right now, the code that uses
the calculated offs value lacks any checks for possible buf overruns,
which is not defensive enough, so let's add them. Reported by covscan:
Error: OVERRUN (CWE-119):
strace-5.18/src/util.c:248: assignment: Assigning:
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
16 and 31 (inclusive).
strace-5.18/src/util.c:249: overrun-local: Overrunning array of 30 bytes
at byte offset 31 by dereferencing pointer "buf + offs". [Note: The source
code implementation of the function has been overridden by a builtin model.]
Error: OVERRUN (CWE-119):
strace-5.18/src/util.c:248: assignment: Assigning:
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
16 and 31 (inclusive).
strace-5.18/src/util.c:253: overrun-buffer-arg: Overrunning array "buf"
of 30 bytes by passing it to a function which accesses it at byte offset
32 using argument "offs + 2UL" (which evaluates to 33). [Note: The source
code implementation of the function has been overridden by a builtin model.]
Error: OVERRUN (CWE-119):
strace-5.18/src/util.c:248: assignment: Assigning:
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
16 and 31 (inclusive).
strace-5.18/src/util.c:254: overrun-local: Overrunning array "buf"
of 30 bytes at byte offset 32 using index "offs + 1UL" (which evaluates
to 32).
* src/util.c (print_clock_t): Add check that offs is small enough
for it and "offs + 2" not to overrun buf.
---
src/util.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/util.c b/src/util.c
index 5f87acb..93aa7b3 100644
--- a/src/util.c
+++ b/src/util.c
@@ -246,6 +246,14 @@ print_clock_t(uint64_t val)
*/
char buf[sizeof(uint64_t) * 3 + sizeof("0.0 s")];
size_t offs = ilog10(val / clk_tck);
+ /*
+ * This check is mostly to appease covscan, which thinks
+ * that offs can go as high as 31 (it cannot), but since
+ * there is no proper sanity checks against offs overrunning
+ * buf down the code, it may as well be here.
+ */
+ if (offs > (sizeof(buf) - sizeof("0.0 s")))
+ return;
int ret = snprintf(buf + offs, sizeof(buf) - offs, "%.*f s",
frac_width,
(double) (val % clk_tck) / clk_tck);
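Review bot: The new guard in print_clock_t leaves through a bare `return;`, so if it ever triggered the value would silently vanish from the decoded output. Since the comment itself says the condition cannot happen, either emit the raw `val` before returning or extend the comment to say that nothing is printed in that case. The comment wording also needs a small fix: `there is no proper sanity checks` should read `there are no proper sanity checks`. Whether `ret` from the following snprintf is validated is outside the hunk.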
--
2.1.4


@ -0,0 +1,882 @@
From 960e78f208b4f6d48962bbc9cad45588cc8c90ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
Date: Tue, 21 Jun 2022 08:43:00 +0200
Subject: [PATCH] secontext: print context of Unix socket's sun_path field
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
* src/sockaddr.c: Include "secontext.h".
(print_sockaddr_data_un): Print the SELinux context of sun_path field
using selinux_printfilecon.
* NEWS: Mention this change.
* tests/secontext.c (raw_secontext_full_fd, get_secontext_field_fd,
raw_secontext_short_fd, secontext_full_fd, secontext_short_fd): New
functions.
* tests/secontext.h (secontext_full_fd, secontext_short_fd,
get_secontext_field_fd): New prototypes.
(SECONTEXT_FD): New macro.
* tests/sockname.c: Include "secontext.h".
(test_sockname_syscall): Update expected output.
* tests/gen_tests.in (getsockname--secontext,
getsockname--secontext_full, getsockname--secontext_full_mismatch,
getsockname--secontext_mismatch): New tests.
Resolves: https://github.com/strace/strace/pull/214
---
NEWS | 1 +
src/sockaddr.c | 3 +++
tests/gen_tests.in | 4 ++++
tests/secontext.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
tests/secontext.h | 12 ++++++++++++
tests/sockname.c | 54 +++++++++++++++++++++++++++++++++++-------------------
6 files changed, 104 insertions(+), 19 deletions(-)
Index: strace-5.18/NEWS
===================================================================
--- strace-5.18.orig/NEWS 2022-07-12 18:20:18.495470531 +0200
+++ strace-5.18/NEWS 2022-07-12 18:20:44.531163262 +0200
@@ -5,6 +5,7 @@
* Added an interface of raising des Strausses awareness.
* Added --tips option to print strace tips, tricks, and tweaks
at the end of the tracing session.
+ * Implemented printing of Unix socket sun_path field's SELinux context.
* Enhanced decoding of bpf and io_uring_register syscalls.
* Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl
commands.
Index: strace-5.18/src/sockaddr.c
===================================================================
--- strace-5.18.orig/src/sockaddr.c 2022-07-12 18:17:36.745379483 +0200
+++ strace-5.18/src/sockaddr.c 2022-07-12 18:20:18.495470531 +0200
@@ -63,6 +63,8 @@
#include "xlat/mctp_addrs.h"
#include "xlat/mctp_nets.h"
+#include "secontext.h"
+
#define SIZEOF_SA_FAMILY sizeof_field(struct sockaddr, sa_family)
struct sockaddr_rxrpc {
@@ -115,6 +117,7 @@
if (sa_un->sun_path[0]) {
print_quoted_string(sa_un->sun_path, path_len + 1,
QUOTE_0_TERMINATED);
+ selinux_printfilecon(tcp, sa_un->sun_path);
} else {
tprints("@");
print_quoted_string(sa_un->sun_path + 1, path_len - 1, 0);
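Review bot: `selinux_printfilecon(tcp, sa_un->sun_path)` receives the raw `sun_path` pointer with no length, while the `print_quoted_string` call directly above bounds the same field to `path_len + 1` bytes. The address comes from the traced process, and nothing in this hunk shows that the buffer is NUL-terminated within that bound, so the callee depends on a guarantee made elsewhere. A comment at the call naming it would make that reviewable, e.g. `/* sun_path is NUL-terminated: <where the buffer is zero-padded> */`. Because the tracer now performs a filesystem lookup on a tracee-chosen path, it is also worth confirming outside this hunk that selinux_printfilecon resolves relative paths against the tracee's working directory and not strace's own. The enclosing function starts and ends outside the hunk.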
Index: strace-5.18/tests/gen_tests.in
===================================================================
--- strace-5.18.orig/tests/gen_tests.in 2022-07-12 18:17:36.746379471 +0200
+++ strace-5.18/tests/gen_tests.in 2022-07-12 18:20:18.496470519 +0200
@@ -225,6 +225,10 @@
getsid -a10
getsid--pidns-translation test_pidns -e trace=getsid -a10
getsockname -a27
+getsockname--secontext -a27 --secontext -e trace=getsockname
+getsockname--secontext_full -a27 --secontext=full -e trace=getsockname
+getsockname--secontext_full_mismatch -a27 --secontext=full,mismatch -e trace=getsockname
+getsockname--secontext_mismatch -a27 --secontext=mismatch -e trace=getsockname
gettid -a9
getuid-creds +getuid.test
getuid32 +getuid.test
Index: strace-5.18/tests/secontext.c
===================================================================
--- strace-5.18.orig/tests/secontext.c 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests/secontext.c 2022-07-12 18:20:18.496470519 +0200
@@ -141,6 +141,21 @@
return full_secontext;
}
+static char *
+raw_secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *full_secontext = NULL;
+ char *secontext;
+
+ if (fgetfilecon(fd, &secontext) >= 0) {
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
+ freecon(secontext);
+ }
+ errno = saved_errno;
+ return full_secontext;
+}
+
char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
@@ -151,6 +166,16 @@
return type;
}
+char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ char *ctx = raw_secontext_full_fd(fd);
+ char *type = get_secontext_field(ctx, field);
+ free(ctx);
+
+ return type;
+}
+
static char *
raw_secontext_short_file(const char *filename)
{
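Review bot: get_secontext_field_fd passes `ctx` to get_secontext_field without checking it, although raw_secontext_full_fd, added in the previous hunk, returns NULL whenever `fgetfilecon` fails. Whether get_secontext_field tolerates a NULL context is not visible here, so an explicit guard would make the new function safe on its own: `if (!ctx) return NULL;`. This mirrors the existing get_secontext_field_file, so the same guard may be worth adding there. The header prototype for the new function would also benefit from a one-line comment saying the caller frees the result.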
@@ -158,6 +183,12 @@
}
static char *
+raw_secontext_short_fd(int fd)
+{
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -205,6 +236,15 @@
}
char *
+secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_full_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
+
+char *
secontext_full_pid(pid_t pid)
{
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
@@ -228,6 +268,15 @@
errno = saved_errno;
return FORMAT_SPACE_BEFORE(context);
}
+
+char *
+secontext_short_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_short_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
char *
secontext_short_pid(pid_t pid)
Index: strace-5.18/tests/secontext.h
===================================================================
--- strace-5.18.orig/tests/secontext.h 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests/secontext.h 2022-07-12 18:20:18.496470519 +0200
@@ -9,9 +9,11 @@
#include "xmalloc.h"
#include <unistd.h>
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
@@ -30,6 +32,7 @@
*/
char *get_secontext_field(const char *full_context, enum secontext_field field);
+char *get_secontext_field_fd(int fd, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
void reset_secontext_file(const char *file);
@@ -44,6 +47,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
# else
@@ -53,6 +57,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
# endif
@@ -65,6 +70,12 @@
return NULL;
}
static inline char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ return NULL;
+}
+
+static inline char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
return NULL;
@@ -81,6 +92,7 @@
{
}
+# define SECONTEXT_FD(fd) xstrdup("")
# define SECONTEXT_FILE(filename) xstrdup("")
# define SECONTEXT_PID(pid) xstrdup("")
Index: strace-5.18/tests/sockname.c
===================================================================
--- strace-5.18.orig/tests/sockname.c 2022-07-12 18:17:36.748379448 +0200
+++ strace-5.18/tests/sockname.c 2022-07-12 18:20:18.496470519 +0200
@@ -18,6 +18,8 @@
#include <sys/socket.h>
#include <sys/un.h>
+#include "secontext.h"
+
#ifndef TEST_SYSCALL_NAME
# error TEST_SYSCALL_NAME must be defined
#endif
@@ -59,14 +61,19 @@
*plen = sizeof(struct sockaddr_un);
struct sockaddr_un *addr = tail_alloc(*plen);
+ char *my_secontext = SECONTEXT_PID_MY();
+ char *fd_secontext = SECONTEXT_FD(fd);
+
PREPARE_TEST_SYSCALL_INVOCATION;
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
memset(addr, 0, sizeof(*addr));
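Review bot: `SECONTEXT_FILE(addr->sun_path)` is evaluated inside the printf argument list, so the string it returns is never stored and cannot be freed. The secontext helpers are declared ATTRIBUTE_MALLOC in secontext.h and the fallback macro expands to `xstrdup("")`, so every call allocates. The same pattern recurs in the hunks at -75,28 and -121,17, and no `free(my_secontext)` or `free(fd_secontext)` appears in the visible context before the function's closing brace. This is harmless for a short-lived test but will be reported by leak checkers; storing the result first, `char *path_secontext = SECONTEXT_FILE(addr->sun_path);`, and freeing all three strings at the end would fix it. The function body starts outside this hunk.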
@@ -75,28 +82,34 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
- printf("%s(%d%s, %p, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
- sprintrc(rc));
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
+ addr, SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext,
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen + 1 SUFFIX_ARGS);
- printf("%s(%d%s, %p, %p%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
plen + 1, SUFFIX_STR, sprintrc(rc));
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
@@ -108,8 +121,9 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
++addr;
@@ -121,17 +135,19 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
- addr->sun_path, (int) sizeof(struct sockaddr),
- (int) *plen, SUFFIX_STR, rc);
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen SUFFIX_ARGS);
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
*plen, SUFFIX_STR, sprintrc(rc));
}
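Review bot: In the `%.*s` printf of this hunk, `SECONTEXT_FILE(addr->sun_path)` reads `sun_path` as a NUL-terminated string, while the format next to it bounds the same buffer with an explicit precision. If the precision is there because the truncated address carries no terminator (the setup lines are outside the hunk, so this is inferred), the lookup can read past the `sizeof(struct sockaddr)` bytes the call filled in and query a different path than the one printed. A bounded copy keeps the two in step: `char p[sizeof(addr->sun_path) + 1];`, then `snprintf(p, sizeof(p), "%.*s", (int) (sizeof(struct sockaddr) - offsetof_sun_path), addr->sun_path);`, then `SECONTEXT_FILE(p)`. The same hunk is repeated in tests-m32/sockname.c and tests-mx32/sockname.c further down; the function body starts outside this hunk.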
Index: strace-5.18/tests-m32/secontext.c
===================================================================
--- strace-5.18.orig/tests-m32/secontext.c 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-m32/secontext.c 2022-07-12 18:20:18.496470519 +0200
@@ -141,6 +141,21 @@
return full_secontext;
}
+static char *
+raw_secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *full_secontext = NULL;
+ char *secontext;
+
+ if (fgetfilecon(fd, &secontext) >= 0) {
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
+ freecon(secontext);
+ }
+ errno = saved_errno;
+ return full_secontext;
+}
+
char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
@@ -151,6 +166,16 @@
return type;
}
+char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ char *ctx = raw_secontext_full_fd(fd);
+ char *type = get_secontext_field(ctx, field);
+ free(ctx);
+
+ return type;
+}
+
static char *
raw_secontext_short_file(const char *filename)
{
@@ -158,6 +183,12 @@
}
static char *
+raw_secontext_short_fd(int fd)
+{
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -205,6 +236,15 @@
}
char *
+secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_full_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
+
+char *
secontext_full_pid(pid_t pid)
{
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
@@ -228,6 +268,15 @@
errno = saved_errno;
return FORMAT_SPACE_BEFORE(context);
}
+
+char *
+secontext_short_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_short_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
char *
secontext_short_pid(pid_t pid)
Index: strace-5.18/tests-m32/secontext.h
===================================================================
--- strace-5.18.orig/tests-m32/secontext.h 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-m32/secontext.h 2022-07-12 18:20:18.496470519 +0200
@@ -9,9 +9,11 @@
#include "xmalloc.h"
#include <unistd.h>
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
@@ -30,6 +32,7 @@
*/
char *get_secontext_field(const char *full_context, enum secontext_field field);
+char *get_secontext_field_fd(int fd, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
void reset_secontext_file(const char *file);
@@ -44,6 +47,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
# else
@@ -53,6 +57,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
# endif
@@ -65,6 +70,12 @@
return NULL;
}
static inline char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ return NULL;
+}
+
+static inline char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
return NULL;
@@ -81,6 +92,7 @@
{
}
+# define SECONTEXT_FD(fd) xstrdup("")
# define SECONTEXT_FILE(filename) xstrdup("")
# define SECONTEXT_PID(pid) xstrdup("")
Index: strace-5.18/tests-m32/sockname.c
===================================================================
--- strace-5.18.orig/tests-m32/sockname.c 2022-07-12 18:17:36.748379448 +0200
+++ strace-5.18/tests-m32/sockname.c 2022-07-12 18:20:18.496470519 +0200
@@ -18,6 +18,8 @@
#include <sys/socket.h>
#include <sys/un.h>
+#include "secontext.h"
+
#ifndef TEST_SYSCALL_NAME
# error TEST_SYSCALL_NAME must be defined
#endif
@@ -59,14 +61,19 @@
*plen = sizeof(struct sockaddr_un);
struct sockaddr_un *addr = tail_alloc(*plen);
+ char *my_secontext = SECONTEXT_PID_MY();
+ char *fd_secontext = SECONTEXT_FD(fd);
+
PREPARE_TEST_SYSCALL_INVOCATION;
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
memset(addr, 0, sizeof(*addr));
@@ -75,28 +82,34 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
- printf("%s(%d%s, %p, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
- sprintrc(rc));
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
+ addr, SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext,
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen + 1 SUFFIX_ARGS);
- printf("%s(%d%s, %p, %p%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
plen + 1, SUFFIX_STR, sprintrc(rc));
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
@@ -108,8 +121,9 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
++addr;
@@ -121,17 +135,19 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
- addr->sun_path, (int) sizeof(struct sockaddr),
- (int) *plen, SUFFIX_STR, rc);
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen SUFFIX_ARGS);
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
*plen, SUFFIX_STR, sprintrc(rc));
}
Index: strace-5.18/tests-mx32/secontext.c
===================================================================
--- strace-5.18.orig/tests-mx32/secontext.c 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-mx32/secontext.c 2022-07-12 18:20:18.496470519 +0200
@@ -141,6 +141,21 @@
return full_secontext;
}
+static char *
+raw_secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *full_secontext = NULL;
+ char *secontext;
+
+ if (fgetfilecon(fd, &secontext) >= 0) {
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
+ freecon(secontext);
+ }
+ errno = saved_errno;
+ return full_secontext;
+}
+
char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
@@ -151,6 +166,16 @@
return type;
}
+char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ char *ctx = raw_secontext_full_fd(fd);
+ char *type = get_secontext_field(ctx, field);
+ free(ctx);
+
+ return type;
+}
+
static char *
raw_secontext_short_file(const char *filename)
{
@@ -158,6 +183,12 @@
}
static char *
+raw_secontext_short_fd(int fd)
+{
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -205,6 +236,15 @@
}
char *
+secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_full_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
+
+char *
secontext_full_pid(pid_t pid)
{
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
@@ -228,6 +268,15 @@
errno = saved_errno;
return FORMAT_SPACE_BEFORE(context);
}
+
+char *
+secontext_short_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_short_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
char *
secontext_short_pid(pid_t pid)
Index: strace-5.18/tests-mx32/secontext.h
===================================================================
--- strace-5.18.orig/tests-mx32/secontext.h 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-mx32/secontext.h 2022-07-12 18:20:18.496470519 +0200
@@ -9,9 +9,11 @@
#include "xmalloc.h"
#include <unistd.h>
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
@@ -30,6 +32,7 @@
*/
char *get_secontext_field(const char *full_context, enum secontext_field field);
+char *get_secontext_field_fd(int fd, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
void reset_secontext_file(const char *file);
@@ -44,6 +47,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
# else
@@ -53,6 +57,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
# endif
@@ -65,6 +70,12 @@
return NULL;
}
static inline char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ return NULL;
+}
+
+static inline char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
return NULL;
@@ -81,6 +92,7 @@
{
}
+# define SECONTEXT_FD(fd) xstrdup("")
# define SECONTEXT_FILE(filename) xstrdup("")
# define SECONTEXT_PID(pid) xstrdup("")
Index: strace-5.18/tests-mx32/sockname.c
===================================================================
--- strace-5.18.orig/tests-mx32/sockname.c 2022-07-12 18:17:36.748379448 +0200
+++ strace-5.18/tests-mx32/sockname.c 2022-07-12 18:20:18.496470519 +0200
@@ -18,6 +18,8 @@
#include <sys/socket.h>
#include <sys/un.h>
+#include "secontext.h"
+
#ifndef TEST_SYSCALL_NAME
# error TEST_SYSCALL_NAME must be defined
#endif
@@ -59,14 +61,19 @@
*plen = sizeof(struct sockaddr_un);
struct sockaddr_un *addr = tail_alloc(*plen);
+ char *my_secontext = SECONTEXT_PID_MY();
+ char *fd_secontext = SECONTEXT_FD(fd);
+
PREPARE_TEST_SYSCALL_INVOCATION;
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
memset(addr, 0, sizeof(*addr));
@@ -75,28 +82,34 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
- printf("%s(%d%s, %p, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
- sprintrc(rc));
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
+ addr, SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext,
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen + 1 SUFFIX_ARGS);
- printf("%s(%d%s, %p, %p%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
plen + 1, SUFFIX_STR, sprintrc(rc));
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
@@ -108,8 +121,9 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
++addr;
@@ -121,17 +135,19 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
- addr->sun_path, (int) sizeof(struct sockaddr),
- (int) *plen, SUFFIX_STR, rc);
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen SUFFIX_ARGS);
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
*plen, SUFFIX_STR, sprintrc(rc));
}


@ -0,0 +1,374 @@
From 676979fa9cc7920e5e4d547814f9c0edb597fa0d Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Thu, 30 Jun 2022 16:01:05 +0200
Subject: [PATCH] pathtrace, util: do not print " (deleted)" as part of the
path
In order to allow to discern the unlinked paths from the paths that
do indeed end with " (deleted)".
* src/defs.h (getfdpath_pid): Add deleted parameter.
(getfdpath): Pass NULL as deleted parameter to getfdpath_pid.
* src/largefile_wrappers.h (lstat_file): New macro.
* src/pathtrace.c: Include <sys/stat.h>, <sys/types.h>, <unistd.h>,
and "largefile_wrappers.h".
(getfdpath_pid): Add deleted parameter, check if path ends with
" (deleted)", and if it is, try to figure out if it is a part
of the path by comparing device/inode numbers of the file procfs
link resolves into and the file pointed by the path read; strip
" (deleted)"; set deleted (if it is non-NULL) to true if the fd
is turned out to be deleted and to false otherwise.
* src/util.c (print_quoted_string_in_angle_brackets): Add deleted
parameter, print "(deleted)" after the closing angle bracket if it is
non-NULL.
(printfd_pid): Add deleted local variable, pass it to getfdpath_pid
and print_quoted_string_in_angle_brackets calls.
* tests/fchmod.c: Add checks for a file with " (deleted)" in the path,
update expected output.
* NEWS: Mention the change.
---
NEWS | 5 +++++
src/defs.h | 5 +++--
src/largefile_wrappers.h | 2 ++
src/pathtrace.c | 48 +++++++++++++++++++++++++++++++++++++++++++++---
src/util.c | 10 +++++++---
tests/fchmod.c | 47 +++++++++++++++++++++++++++++++++++++++++++----
6 files changed, 105 insertions(+), 12 deletions(-)
Index: strace-5.18/NEWS
===================================================================
--- strace-5.18.orig/NEWS 2022-07-13 12:52:48.219784860 +0200
+++ strace-5.18/NEWS 2022-07-13 12:52:48.451782122 +0200
@@ -1,6 +1,11 @@
Noteworthy changes in release 5.18 (2022-06-18)
===============================================
+* Changes in behaviour
+ * The "(deleted)" marker for unlinked paths of file descriptors is now printed
+ outside angle brackets; the matching of unlinked paths of file descriptors
+ no longer includes the " (deleted)" part into consideration.
+
* Improvements
* Added an interface of raising des Strausses awareness.
* Added --tips option to print strace tips, tricks, and tweaks
Index: strace-5.18/src/defs.h
===================================================================
--- strace-5.18.orig/src/defs.h 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/src/defs.h 2022-07-13 12:52:54.532710356 +0200
@@ -785,12 +785,13 @@
return pathtrace_match_set(tcp, &global_path_set);
}
-extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize);
+extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize,
+ bool *deleted);
static inline int
getfdpath(struct tcb *tcp, int fd, char *buf, unsigned bufsize)
{
- return getfdpath_pid(tcp->pid, fd, buf, bufsize);
+ return getfdpath_pid(tcp->pid, fd, buf, bufsize, NULL);
}
extern unsigned long getfdinode(struct tcb *, int);
Index: strace-5.18/src/largefile_wrappers.h
===================================================================
--- strace-5.18.orig/src/largefile_wrappers.h 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/src/largefile_wrappers.h 2022-07-13 12:52:48.451782122 +0200
@@ -31,6 +31,7 @@
# endif
# define fstat_fd fstat64
# define strace_stat_t struct stat64
+# define lstat_file lstat64
# define stat_file stat64
# define struct_dirent struct dirent64
# define read_dir readdir64
@@ -42,6 +43,7 @@
# define fcntl_fd fcntl
# define fstat_fd fstat
# define strace_stat_t struct stat
+# define lstat_file lstat
# define stat_file stat
# define struct_dirent struct dirent
# define read_dir readdir
Index: strace-5.18/src/pathtrace.c
===================================================================
--- strace-5.18.orig/src/pathtrace.c 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/src/pathtrace.c 2022-07-13 12:52:54.532710356 +0200
@@ -10,7 +10,11 @@
#include "defs.h"
#include <limits.h>
#include <poll.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include "largefile_wrappers.h"
#include "number_set.h"
#include "sen.h"
#include "xstring.h"
@@ -77,7 +81,7 @@
* Get path associated with fd of a process with pid.
*/
int
-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize)
+getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
{
char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];
ssize_t n;
@@ -91,12 +95,50 @@
xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);
n = readlink(linkpath, buf, bufsize - 1);
+ if (n < 0)
+ goto end;
+
/*
* NB: if buf is too small, readlink doesn't fail,
* it returns truncated result (IOW: n == bufsize - 1).
*/
- if (n >= 0)
- buf[n] = '\0';
+ buf[n] = '\0';
+ if (deleted)
+ *deleted = false;
+
+ /*
+ * Try to figure out if the kernel has appended " (deleted)"
+ * to the end of a potentially unlinked path and set deleted
+ * if it is the case.
+ */
+ static const char del_sfx[] = " (deleted)";
+ if ((size_t) n <= sizeof(del_sfx))
+ goto end;
+
+ char *del = buf + n + 1 - sizeof(del_sfx);
+
+ if (memcmp(del, del_sfx, sizeof(del_sfx)))
+ goto end;
+
+ strace_stat_t st_link;
+ strace_stat_t st_path;
+ int rc = stat_file(linkpath, &st_link);
+
+ if (rc)
+ goto end;
+
+ rc = lstat_file(buf, &st_path);
+
+ if (rc ||
+ (st_link.st_ino != st_path.st_ino) ||
+ (st_link.st_dev != st_path.st_dev)) {
+ *del = '\0';
+ n = del - buf + 1;
+ if (deleted)
+ *deleted = true;
+ }
+
+end:
return n;
}
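Review bot: The suffix-stripping branch returns a different quantity from the plain branch: `n = del - buf + 1;` counts the terminating NUL, while the untouched `readlink()` result does not, so callers get length+1 only for unlinked paths. `n = del - buf;` would keep the return value equal to `strlen(buf)` in both cases; the callers visible on this page only test `>= 0`, but any caller outside this view that uses the value as a length should be checked, and the `@return` text added to src/defs.h by the next patch ("including terminating '\0'") matches neither branch consistently. Separately, `lstat_file(buf, &st_path)` resolves the tracee's path in strace's own root and mount namespace, and a failed lookup is treated as "deleted". A comment such as `/* NB: buf is resolved in strace's namespace; a tracee in another root may be misreported as deleted */` would warn people who rely on this output for auditing. The function body starts before this hunk.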
Index: strace-5.18/src/util.c
===================================================================
--- strace-5.18.orig/src/util.c 2022-07-13 12:52:47.989787575 +0200
+++ strace-5.18/src/util.c 2022-07-13 12:52:48.452782111 +0200
@@ -735,12 +735,15 @@
}
static void
-print_quoted_string_in_angle_brackets(const char *str)
+print_quoted_string_in_angle_brackets(const char *str, const bool deleted)
{
tprints("<");
print_quoted_string_ex(str, strlen(str),
QUOTE_OMIT_LEADING_TRAILING_QUOTES, "<>");
tprints(">");
+
+ if (deleted)
+ tprints("(deleted)");
}
void
@@ -749,8 +752,9 @@
PRINT_VAL_D(fd);
char path[PATH_MAX + 1];
+ bool deleted;
if (pid > 0 && !number_set_array_is_empty(decode_fd_set, 0)
- && getfdpath_pid(pid, fd, path, sizeof(path)) >= 0) {
+ && getfdpath_pid(pid, fd, path, sizeof(path), &deleted) >= 0) {
if (is_number_in_set(DECODE_FD_SOCKET, decode_fd_set) &&
printsocket(tcp, fd, path))
goto printed;
@@ -761,7 +765,7 @@
printpidfd(pid, fd, path))
goto printed;
if (is_number_in_set(DECODE_FD_PATH, decode_fd_set))
- print_quoted_string_in_angle_brackets(path);
+ print_quoted_string_in_angle_brackets(path, deleted);
printed: ;
}
Index: strace-5.18/tests/fchmod.c
===================================================================
--- strace-5.18.orig/tests/fchmod.c 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/tests/fchmod.c 2022-07-13 12:52:48.452782111 +0200
@@ -35,10 +35,17 @@
(void) unlink(sample);
int fd = open(sample, O_CREAT|O_RDONLY, 0400);
if (fd == -1)
- perror_msg_and_fail("open");
+ perror_msg_and_fail("open(\"%s\")", sample);
+
+ static const char sample_del[] = "fchmod_sample_file (deleted)";
+ (void) unlink(sample_del);
+ int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400);
+ if (fd_del == -1)
+ perror_msg_and_fail("open(\"%s\")", sample);
# ifdef YFLAG
char *sample_realpath = get_fd_path(fd);
+ char *sample_del_realpath = get_fd_path(fd_del);
# endif
const char *sample_secontext = SECONTEXT_FILE(sample);
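Review bot: The failure branch for `fd_del` reports the wrong file: `perror_msg_and_fail("open(\"%s\")", sample);` sits under `open(sample_del, ...)`, so a failed open of the " (deleted)" sample would be logged under the other file's name. It should read `perror_msg_and_fail("open(\"%s\")", sample_del);`. The copy of this hunk in tests-m32/fchmod.c has the same line.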
@@ -56,12 +63,27 @@
sample_secontext,
sprintrc(rc));
+ const char *sample_del_secontext = SECONTEXT_FILE(sample_del);
+ rc = syscall(__NR_fchmod, fd_del, 0600);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>%s, 0600) = %s\n",
+# else
+ printf("%s%s(%d%s, 0600) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
if (unlink(sample))
- perror_msg_and_fail("unlink");
+ perror_msg_and_fail("unlink(\"%s\")", sample);
rc = syscall(__NR_fchmod, fd, 051);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
# else
printf("%s%s(%d%s, 051) = %s\n",
# endif
@@ -73,9 +95,26 @@
sample_secontext,
sprintrc(rc));
+ if (unlink(sample_del))
+ perror_msg_and_fail("unlink(\"%s\")", sample_del);
+
+ rc = syscall(__NR_fchmod, fd_del, 051);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
+# else
+ printf("%s%s(%d%s, 051) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
rc = syscall(__NR_fchmod, fd, 004);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n",
# else
printf("%s%s(%d%s, 004) = %s\n",
# endif
Index: strace-5.18/tests-m32/fchmod.c
===================================================================
--- strace-5.18.orig/tests-m32/fchmod.c 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/tests-m32/fchmod.c 2022-07-13 12:52:48.452782111 +0200
@@ -35,10 +35,17 @@
(void) unlink(sample);
int fd = open(sample, O_CREAT|O_RDONLY, 0400);
if (fd == -1)
- perror_msg_and_fail("open");
+ perror_msg_and_fail("open(\"%s\")", sample);
+
+ static const char sample_del[] = "fchmod_sample_file (deleted)";
+ (void) unlink(sample_del);
+ int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400);
+ if (fd_del == -1)
+ perror_msg_and_fail("open(\"%s\")", sample);
# ifdef YFLAG
char *sample_realpath = get_fd_path(fd);
+ char *sample_del_realpath = get_fd_path(fd_del);
# endif
const char *sample_secontext = SECONTEXT_FILE(sample);
@@ -56,12 +63,27 @@
sample_secontext,
sprintrc(rc));
+ const char *sample_del_secontext = SECONTEXT_FILE(sample_del);
+ rc = syscall(__NR_fchmod, fd_del, 0600);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>%s, 0600) = %s\n",
+# else
+ printf("%s%s(%d%s, 0600) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
if (unlink(sample))
- perror_msg_and_fail("unlink");
+ perror_msg_and_fail("unlink(\"%s\")", sample);
rc = syscall(__NR_fchmod, fd, 051);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
# else
printf("%s%s(%d%s, 051) = %s\n",
# endif
@@ -73,9 +95,26 @@
sample_secontext,
sprintrc(rc));
+ if (unlink(sample_del))
+ perror_msg_and_fail("unlink(\"%s\")", sample_del);
+
+ rc = syscall(__NR_fchmod, fd_del, 051);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
+# else
+ printf("%s%s(%d%s, 051) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
rc = syscall(__NR_fchmod, fd, 004);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n",
# else
printf("%s%s(%d%s, 004) = %s\n",
# endif


@ -0,0 +1,209 @@
From 3f0e5340b651da98251a58cc7923525d69f96032 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Fri, 1 Jul 2022 10:45:48 +0200
Subject: [PATCH] secontext: fix expected SELinux context check for unlinked
FDs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
selinux_getfdcon open-coded a part of getfdpath_pid since it tries
to do the same job, figure out a path associated with an FD, for slightly
different purpose: to get the expected SELinux context for it. As the previous
commit shows, it's a bit more complicated in cases when the path ends
with the " (deleted)" string, which is also used for designated unlinked paths
in procfs. Otherwise, it may manifest in test failures such as this:
[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 0600) = 0
-[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 051) = 0
-[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 004) = 0
+[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 051) = 0
+[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 004) = 0
+++ exited with 0 +++
+ fail_ '../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
+ warn_ 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
+ printf '%s\n' 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch
+ exit 1
FAIL fchmod-y--secontext_full_mismatch.gen.test (exit status: 1)
that happens due to the fact that the get_expected_filecontext() call
is made against the path with the " (deleted)" part, which is wrong (it
is more wrong than shown above when a file with the path that ends with
" (deleted)" exists). Moreover, it would be incorrect to call stat()
on that path.
Let's factor out the common part of the code and simply call it
from selinux_getfdcon, then use the st_mode from the procfs link.
* src/defs.h (get_proc_pid_fd_path): New declaration.
* src/pathtrace.c (get)proc_pid_fd_path): New function, part
of getfdpath_pid that performs link resolution and processing
of the result.
(getfdpath_pid): Call get_proc_pid_fd_path after PID resolution.
* src/secontext.c (get_expected_filecontext): Add mode parameter, use
it in selabel_lookup call instead of retrieveing file mode using stat()
if it is not -1.
(selinux_getfdcon): Call get_proc_pid_fd_path instead
of open-coding path resolution code, call stat() on the procfs link
and pass the retrieved st_mode to the get_expected_filecontext call.
(selinux_getfilecon): Pass -1 as mode in the get_expected_filecontext
call.
Reported-by: Václav Kadlčík <vkadlcik@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2087693
---
src/defs.h | 15 +++++++++++++++
src/pathtrace.c | 26 ++++++++++++++++++--------
src/secontext.c | 35 +++++++++++++++++++++--------------
3 files changed, 54 insertions(+), 22 deletions(-)
Index: strace-5.18/src/defs.h
===================================================================
--- strace-5.18.orig/src/defs.h 2022-07-12 18:22:01.563254140 +0200
+++ strace-5.18/src/defs.h 2022-07-12 18:22:06.202199392 +0200
@@ -785,6 +785,21 @@
return pathtrace_match_set(tcp, &global_path_set);
}
+/**
+ * Resolves a path for a fd procfs PID proc_pid (the one got from
+ * get_proc_pid()).
+ *
+ * @param proc_pid PID number in /proc, obtained with get_proc_pid().
+ * @param fd FD to resolve path for.
+ * @param buf Buffer to store the resolved path in.
+ * @param bufsize The size of buf.
+ * @param deleted If non-NULL, set to true if the path associated with the FD
+ * seems to have been unlinked and to false otherwise.
+ * @return Number of bytes written including terminating '\0'.
+ */
+extern int get_proc_pid_fd_path(int proc_pid, int fd, char *buf,
+ unsigned bufsize, bool *deleted);
+
extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize,
bool *deleted);
Index: strace-5.18/src/pathtrace.c
===================================================================
--- strace-5.18.orig/src/pathtrace.c 2022-07-12 18:22:01.532254506 +0200
+++ strace-5.18/src/pathtrace.c 2022-07-12 18:22:06.202199392 +0200
@@ -77,11 +77,9 @@
set->paths_selected[set->num_selected++] = path;
}
-/*
- * Get path associated with fd of a process with pid.
- */
int
-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
+get_proc_pid_fd_path(int proc_pid, int fd, char *buf, unsigned bufsize,
+ bool *deleted)
{
char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];
ssize_t n;
@@ -89,10 +87,6 @@
if (fd < 0)
return -1;
- int proc_pid = get_proc_pid(pid);
- if (!proc_pid)
- return -1;
-
xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);
n = readlink(linkpath, buf, bufsize - 1);
if (n < 0)
@@ -143,6 +137,22 @@
}
/*
+ * Get path associated with fd of a process with pid.
+ */
+int
+getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
+{
+ if (fd < 0)
+ return -1;
+
+ int proc_pid = get_proc_pid(pid);
+ if (!proc_pid)
+ return -1;
+
+ return get_proc_pid_fd_path(proc_pid, fd, buf, bufsize, deleted);
+}
+
+/*
* Add a path to the set we're tracing. Also add the canonicalized
* version of the path. Specifying NULL will delete all paths.
*/
Index: strace-5.18/src/secontext.c
===================================================================
--- strace-5.18.orig/src/secontext.c 2022-07-12 18:22:01.564254128 +0200
+++ strace-5.18/src/secontext.c 2022-07-12 18:22:06.203199380 +0200
@@ -62,7 +62,7 @@
}
static int
-get_expected_filecontext(const char *path, char **secontext)
+get_expected_filecontext(const char *path, char **secontext, int mode)
{
static struct selabel_handle *hdl;
@@ -80,12 +80,7 @@
}
}
- strace_stat_t stb;
- if (stat_file(path, &stb) < 0) {
- return -1;
- }
-
- return selabel_lookup(hdl, secontext, path, stb.st_mode);
+ return selabel_lookup(hdl, secontext, path, mode);
}
/*
@@ -130,16 +125,22 @@
/*
* We need to resolve the path, because selabel_lookup() doesn't
- * resolve anything. Using readlink() is sufficient here.
+ * resolve anything.
*/
+ char buf[PATH_MAX + 1];
+ ssize_t n = get_proc_pid_fd_path(proc_pid, fd, buf, sizeof(buf), NULL);
+ if ((size_t) n >= (sizeof(buf) - 1))
+ return 0;
- char buf[PATH_MAX];
- ssize_t n = readlink(linkpath, buf, sizeof(buf));
- if ((size_t) n >= sizeof(buf))
+ /*
+ * We retrieve stat() here since the path the procfs link resolves into
+ * may be reused by a different file with different context.
+ */
+ strace_stat_t st;
+ if (stat_file(linkpath, &st))
return 0;
- buf[n] = '\0';
- get_expected_filecontext(buf, expected);
+ get_expected_filecontext(buf, expected, st.st_mode);
return 0;
}
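Review bot: The failure check after `get_proc_pid_fd_path()` in this hunk rejects errors only because a negative return converts to a very large `size_t` in `if ((size_t) n >= (sizeof(buf) - 1))`. The helper's visible early exit returns -1 for `fd < 0` (and presumably for a failed readlink as well), while the `@return` line added in src/defs.h mentions only the byte count, so nothing tells a later reader that the cast is what keeps an unfilled `buf` away from `get_expected_filecontext()`. Writing the test as `if (n < 0 || (size_t) n >= sizeof(buf) - 1)` and extending the doc comment with `or -1 on error` would make that contract explicit. selinux_getfdcon begins above this hunk, so the setup of `linkpath` and `proc_pid` is not visible here.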
@@ -190,7 +191,13 @@
if (!resolved)
return 0;
- get_expected_filecontext(resolved, expected);
+ strace_stat_t st;
+ if (stat_file(resolved, &st) < 0)
+ goto out;
+
+ get_expected_filecontext(resolved, expected, st.st_mode);
+
+out:
free(resolved);
return 0;


@ -0,0 +1,70 @@
From 5338636cd9ae7f53ed73f1a7909db03189ea2ff3 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Mon, 4 Jul 2022 12:29:22 +0200
Subject: [PATCH] tests/bpf: fix sloppy low FD number usage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
FD 42 can already be opened, so close it. Otherwise, it may lead
to the following test failure:
-bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED)
+bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42</var/tmp/restraintd/logs/146893626/task.log>}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED)
bpf(BPF_LINK_CREATE, 0x3ff95574fe5, 28) = 841540765612359407 (INJECTED)
-bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED)
+bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42</var/tmp/restraintd/logs/146893626/task.log>}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED)
[...]
FAIL bpf-success-long-y.test (exit status: 1)
* tests/bpf.c (init_BPF_LINK_CREATE_attr7): Close iter_info_data[1] fd.
Fixes: v5.18~18 "bpf: improve bpf(BPF_LINK_CREATE) decoding"
Reported-by: Lenka Špačková <lkuprova@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103137
---
tests/bpf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/bpf.c b/tests/bpf.c
index 82d870e..6c1ffd4 100644
--- a/tests/bpf.c
+++ b/tests/bpf.c
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
{
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ close(iter_info_data[1]);
+
if (!iter_info_data_p) {
iter_info_data_p = tail_memdup(iter_info_data,
sizeof(iter_info_data));
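Review bot: The added `close(iter_info_data[1]);` has no comment explaining why the test closes a descriptor it never opened, and the reason is only recoverable from the commit message. A one-line comment above it would keep that knowledge with the code, for example `/* this FD number may be inherited open from the harness; close it so -y decoding prints no path */`. Ignoring the return value looks intentional, since the call presumably fails with EBADF when the descriptor is not open, and the comment could say so. The same applies to the identical hunks for tests-m32/bpf.c and tests-mx32/bpf.c; the body of init_BPF_LINK_CREATE_attr7 continues past the hunk.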
diff --git a/tests-m32/bpf.c b/tests-m32/bpf.c
index 82d870e..6c1ffd4 100644
--- a/tests-m32/bpf.c
+++ b/tests-m32/bpf.c
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
{
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ close(iter_info_data[1]);
+
if (!iter_info_data_p) {
iter_info_data_p = tail_memdup(iter_info_data,
sizeof(iter_info_data));
diff --git a/tests-mx32/bpf.c b/tests-mx32/bpf.c
index 82d870e..6c1ffd4 100644
--- a/tests-mx32/bpf.c
+++ b/tests-mx32/bpf.c
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
{
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ close(iter_info_data[1]);
+
if (!iter_info_data_p) {
iter_info_data_p = tail_memdup(iter_info_data,
sizeof(iter_info_data));
--
2.1.4


@ -1,27 +1,26 @@
Limit the scope of qual_fault.tests on aarch64 as otherwise it takes
unacceptable amount of time on available builders (more than an hour).
Index: strace-5.7/tests/qual_fault.test
Index: strace-5.17/tests/qual_fault.test
===================================================================
--- strace-5.7.orig/tests/qual_fault.test 2020-06-02 10:41:25.870177356 +0200
+++ strace-5.7/tests/qual_fault.test 2020-06-02 10:48:33.284302800 +0200
@@ -83,19 +83,35 @@
--- strace-5.17.orig/tests/qual_fault.test 2022-06-09 15:47:28.871554186 +0200
+++ strace-5.17/tests/qual_fault.test 2022-06-09 15:50:50.016108370 +0200
@@ -83,19 +83,36 @@
done
}
-for err in '' ENOSYS 22 einval; do
+
+case "$STRACE_ARCH" in
+ aarch64)
+ ERRS='EnoSys 22'
+ NUMBERS1='2'
+ NUMBERS2='3'
+ NUMBERS3='5'
+ NUMBERS4='7'
+ ;;
+ *)
+ ERRS='ENOSYS 22 einval'
+ NUMBERS1='1 2 3 5 7 11'
+ NUMBERS2='1 2 3 5 7 11'
+ NUMBERS3='1 2 3 5 7 11'
+ NUMBERS1='1 2 3 7'
+ NUMBERS2='1 2 5 11'
+ NUMBERS3='1 2 3 7'
+ NUMBERS4='1 2 7 11'
+ ;;
+esac
+
@ -31,30 +30,30 @@ Index: strace-5.7/tests/qual_fault.test
writev $fault "$err" '' '' '' 1 -efault=chdir
check_fault_injection \
writev $fault "$err" '' '' '' 1 -efault=chdir -efault=none
- for F in 1 2 3 5 7 11; do
- for F in 1 2 3 7; do
+ for F in $(echo $NUMBERS1); do
check_fault_injection \
writev $fault "$err" $F '' '' 1
check_fault_injection \
writev $fault "$err" $F '' + 1
- for L in 1 2 3 5 7 11; do
- for L in 1 2 5 11; do
+ for L in $(echo $NUMBERS2); do
[ "$L" -ge "$F" ] ||
continue
check_fault_injection \
@@ -104,12 +119,12 @@
@@ -104,12 +121,12 @@
writev $fault "$err" $F $L + 1
done
- for S in 1 2 3 5 7 11; do
+ for S in $(echo $NUMBERS2); do
- for S in 1 2 3 7; do
+ for S in $(echo $NUMBERS3); do
check_fault_injection \
writev $fault "$err" $F '' $S 1
check_fault_injection \
writev $fault "$err" $F '' $S 4
- for L in 1 2 3 5 7 11; do
+ for L in $(echo $NUMBERS3); do
- for L in 1 2 7 11; do
+ for L in $(echo $NUMBERS4); do
[ "$L" -ge "$F" ] ||
continue
check_fault_injection \
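Review bot: The four loops over the new lists are written as `for F in $(echo $NUMBERS1); do` (likewise for `NUMBERS2`, `NUMBERS3` and `NUMBERS4`), which adds a command substitution per loop entry without changing the word list. Plain `for F in $NUMBERS1; do` splits the same digits on whitespace and avoids the extra subshell in a test whose purpose here is to cut run time. The loop over `ERRS` is not visible in these hunks, so whether it uses the same form cannot be checked from here.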


@ -1,17 +0,0 @@
Index: strace-5.12/src/unwind.c
===================================================================
--- strace-5.12.orig/src/unwind.c 2018-12-10 01:00:00.000000000 +0100
+++ strace-5.12/src/unwind.c 2020-06-02 11:13:42.777871147 +0200
@@ -9,6 +9,12 @@
#include "unwind.h"
#ifdef USE_DEMANGLE
+/*
+ * demangle.h defines ARRAY_SIZE without proper guard, and its definition
+ * is "good enough" for us.
+ */
+#undef ARRAY_SIZE
+
# if defined HAVE_DEMANGLE_H
# include <demangle.h>
# elif defined HAVE_LIBIBERTY_DEMANGLE_H


@ -1,135 +0,0 @@
Index: strace-5.7/tests/ipc_msg.c
===================================================================
--- strace-5.7.orig/tests/ipc_msg.c 2021-08-24 21:39:53.102419769 +0200
+++ strace-5.7/tests/ipc_msg.c 2021-08-24 21:43:00.670841489 +0200
@@ -55,8 +55,9 @@
* Starting with commit glibc-2.32.9000-149-gbe9b0b9a012780a403a2,
* glibc skips msgctl syscall invocations and returns EINVAL
* for invalid msgctl commands.
+ * It has been backported into glic-2.28-153 in RHEL 8.5.
*/
-#if GLIBC_PREREQ_GE(2, 32)
+#if GLIBC_PREREQ_GE(2, 28)
# define TEST_MSGCTL_BOGUS_CMD 0
#endif
Index: strace-5.7/tests/ipc_shm.c
===================================================================
--- strace-5.7.orig/tests/ipc_shm.c 2021-08-24 21:39:53.124419583 +0200
+++ strace-5.7/tests/ipc_shm.c 2021-08-24 21:43:00.670841489 +0200
@@ -45,8 +45,9 @@
* Starting with commit glibc-2.32.9000-207-g9ebaabeaac1a96b0d91f,
* glibc skips shmctl syscall invocations and returns EINVAL
* for invalid shmctl commands.
+ * It has been backported into glic-2.28-153 in RHEL 8.5.
*/
-#if GLIBC_PREREQ_GE(2, 32)
+#if GLIBC_PREREQ_GE(2, 28)
# define TEST_SHMCTL_BOGUS_CMD 0
#endif
Index: strace-5.7/tests/ipc_sem.c
===================================================================
--- strace-5.7.orig/tests/ipc_sem.c 2021-08-24 21:39:53.135419490 +0200
+++ strace-5.7/tests/ipc_sem.c 2021-08-24 21:43:00.670841489 +0200
@@ -26,8 +26,9 @@
* Starting with commit glibc-2.32.9000-147-ga16d2abd496bd974a882,
* glibc skips semctl syscall invocations and returns EINVAL
* for invalid semctl commands.
+ * It has been backported into glic-2.28-153 in RHEL 8.5.
*/
-#if GLIBC_PREREQ_GE(2, 32)
+#if GLIBC_PREREQ_GE(2, 28)
# define TEST_SEMCTL_BOGUS_CMD 0
#endif
Index: strace-5.7/tests-m32/ipc_msg.c
===================================================================
--- strace-5.7.orig/tests-m32/ipc_msg.c 2021-08-24 21:39:53.102419769 +0200
+++ strace-5.7/tests-m32/ipc_msg.c 2021-08-24 21:43:00.670841489 +0200
@@ -55,8 +55,9 @@
* Starting with commit glibc-2.32.9000-149-gbe9b0b9a012780a403a2,
* glibc skips msgctl syscall invocations and returns EINVAL
* for invalid msgctl commands.
+ * It has been backported into glic-2.28-153 in RHEL 8.5.
*/
-#if GLIBC_PREREQ_GE(2, 32)
+#if GLIBC_PREREQ_GE(2, 28)
# define TEST_MSGCTL_BOGUS_CMD 0
#endif
Index: strace-5.7/tests-m32/ipc_shm.c
===================================================================
--- strace-5.7.orig/tests-m32/ipc_shm.c 2021-08-24 21:39:53.124419583 +0200
+++ strace-5.7/tests-m32/ipc_shm.c 2021-08-24 21:43:00.671841481 +0200
@@ -45,8 +45,9 @@
* Starting with commit glibc-2.32.9000-207-g9ebaabeaac1a96b0d91f,
* glibc skips shmctl syscall invocations and returns EINVAL
* for invalid shmctl commands.
+ * It has been backported into glic-2.28-153 in RHEL 8.5.
*/
-#if GLIBC_PREREQ_GE(2, 32)
+#if GLIBC_PREREQ_GE(2, 28)
# define TEST_SHMCTL_BOGUS_CMD 0
#endif
Index: strace-5.7/tests-m32/ipc_sem.c
===================================================================
--- strace-5.7.orig/tests-m32/ipc_sem.c 2021-08-24 21:39:53.135419490 +0200
+++ strace-5.7/tests-m32/ipc_sem.c 2021-08-24 21:43:00.671841481 +0200
@@ -26,8 +26,9 @@
* Starting with commit glibc-2.32.9000-147-ga16d2abd496bd974a882,
* glibc skips semctl syscall invocations and returns EINVAL
* for invalid semctl commands.
+ * It has been backported into glic-2.28-153 in RHEL 8.5.
*/
-#if GLIBC_PREREQ_GE(2, 32)
+#if GLIBC_PREREQ_GE(2, 28)
# define TEST_SEMCTL_BOGUS_CMD 0
#endif
Index: strace-5.7/tests-mx32/ipc_msg.c
===================================================================
--- strace-5.7.orig/tests-mx32/ipc_msg.c 2021-08-24 21:39:53.102419769 +0200
+++ strace-5.7/tests-mx32/ipc_msg.c 2021-08-24 21:43:00.671841481 +0200
@@ -55,8 +55,9 @@
* Starting with commit glibc-2.32.9000-149-gbe9b0b9a012780a403a2,
* glibc skips msgctl syscall invocations and returns EINVAL
* for invalid msgctl commands.
+ * It has been backported into glic-2.28-153 in RHEL 8.5.
*/
-#if GLIBC_PREREQ_GE(2, 32)
+#if GLIBC_PREREQ_GE(2, 28)
# define TEST_MSGCTL_BOGUS_CMD 0
#endif
Index: strace-5.7/tests-mx32/ipc_shm.c
===================================================================
--- strace-5.7.orig/tests-mx32/ipc_shm.c 2021-08-24 21:39:53.124419583 +0200
+++ strace-5.7/tests-mx32/ipc_shm.c 2021-08-24 21:43:00.671841481 +0200
@@ -45,8 +45,9 @@
* Starting with commit glibc-2.32.9000-207-g9ebaabeaac1a96b0d91f,
* glibc skips shmctl syscall invocations and returns EINVAL
* for invalid shmctl commands.
+ * It has been backported into glic-2.28-153 in RHEL 8.5.
*/
-#if GLIBC_PREREQ_GE(2, 32)
+#if GLIBC_PREREQ_GE(2, 28)
# define TEST_SHMCTL_BOGUS_CMD 0
#endif
Index: strace-5.7/tests-mx32/ipc_sem.c
===================================================================
--- strace-5.7.orig/tests-mx32/ipc_sem.c 2021-08-24 21:39:53.136419481 +0200
+++ strace-5.7/tests-mx32/ipc_sem.c 2021-08-24 21:43:00.672841472 +0200
@@ -26,8 +26,9 @@
* Starting with commit glibc-2.32.9000-147-ga16d2abd496bd974a882,
* glibc skips semctl syscall invocations and returns EINVAL
* for invalid semctl commands.
+ * It has been backported into glic-2.28-153 in RHEL 8.5.
*/
-#if GLIBC_PREREQ_GE(2, 32)
+#if GLIBC_PREREQ_GE(2, 28)
# define TEST_SEMCTL_BOGUS_CMD 0
#endif


@ -1,7 +1,7 @@
Summary: Tracks and displays system calls associated with a running process
Name: strace
Version: 5.13
Release: 4%{?dist}
Version: 5.18
Release: 2%{?dist}
# The test suite is GPLv2+, all the rest is LGPLv2.1+.
License: LGPL-2.1+ and GPL-2.0+
Group: Development/Debuggers
@ -219,7 +219,7 @@ BuildRequires: libselinux-devel
## v5.12~49 "Implement --secontext[=full] option to display SELinux contexts"
#Patch149: 0149-Implement-secontext-full-option-to-display-SELinux-c.patch
# v5.13-14-g9623154 "m4/mpers.m4: generate HAVE_*_SELINUX_RUNTIME config defines"
Patch155: 0155-m4-mpers.m4-generate-HAVE_-_SELINUX_RUNTIME-config-d.patch
#Patch155: 0155-m4-mpers.m4-generate-HAVE_-_SELINUX_RUNTIME-config-d.patch
## v5.9~28 "Introduce GLIBC_PREREQ_GE and GLIBC_PREREQ_LT macros"
#Patch156: 0156-Introduce-GLIBC_PREREQ_GE-and-GLIBC_PREREQ_LT-macros.patch
@ -236,27 +236,49 @@ Patch155: 0155-m4-mpers.m4-generate-HAVE_-_SELINUX_RUNTIME-config-d.patch
## v5.9~12 "tests: disable tests for invalid semctl commands on glibc >= 2.32"
#Patch162: 0162-tests-disable-tests-for-invalid-semctl-commands-on-g.patch
# v5.13-55-g6b2191f "filter_qualify: free allocated data on the error path exit of parse_poke_token"
Patch163: 0163-filter_qualify-free-allocated-data-on-the-error-path.patch
# v5.13-56-g80dc60c "macros: expand BIT macros, add MASK macros; add *_SAFE macros"
Patch164: 0164-macros-expand-BIT-macros-add-MASK-macros-add-_SAFE-m.patch
# v5.13-58-g94ae5c2 "trie: use BIT* and MASK* macros"
Patch165: 0165-trie-use-BIT-and-MASK-macros.patch
# v5.13-65-g41b753e "tee: rewrite num_params access in tee_fetch_buf_data"
Patch166: 0166-tee-rewrite-num_params-access-in-tee_fetch_buf_data.patch
## v5.13-55-g6b2191f "filter_qualify: free allocated data on the error path exit of parse_poke_token"
#Patch163: 0163-filter_qualify-free-allocated-data-on-the-error-path.patch
## v5.13-56-g80dc60c "macros: expand BIT macros, add MASK macros; add *_SAFE macros"
#Patch164: 0164-macros-expand-BIT-macros-add-MASK-macros-add-_SAFE-m.patch
## v5.13-58-g94ae5c2 "trie: use BIT* and MASK* macros"
#Patch165: 0165-trie-use-BIT-and-MASK-macros.patch
## v5.13-65-g41b753e "tee: rewrite num_params access in tee_fetch_buf_data"
#Patch166: 0166-tee-rewrite-num_params-access-in-tee_fetch_buf_data.patch
# v5.15~1 "print_ifindex: fix IFNAME_QUOTED_SZ definition"
Patch167: 0167-print_ifindex-fix-IFNAME_QUOTED_SZ-definition.patch
## v5.15~1 "print_ifindex: fix IFNAME_QUOTED_SZ definition"
#Patch167: 0167-print_ifindex-fix-IFNAME_QUOTED_SZ-definition.patch
# v5.15~18 "m4: fix st_SELINUX check"
Patch168: 0168-m4-fix-st_SELINUX-check.patch
# v5.16~31 "Implement displaying of expected context upon mismatch"
Patch169: 0169-Implement-displaying-of-expected-context-upon-mismat.patch
Patch170: 0170-tests-linkat-reset-errno-before-SELinux-context-mani.patch
Patch171: 0171-tests-secontext-add-secontext-field-getters.patch
Patch172: 0172-tests-linkat-provide-fallback-values-for-secontext-f.patch
Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch
Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch
## v5.15~18 "m4: fix st_SELINUX check"
#Patch168: 0168-m4-fix-st_SELINUX-check.patch
## v5.16~31 "Implement displaying of expected context upon mismatch"
#Patch169: 0169-Implement-displaying-of-expected-context-upon-mismat.patch
#Patch170: 0170-tests-linkat-reset-errno-before-SELinux-context-mani.patch
#Patch171: 0171-tests-secontext-add-secontext-field-getters.patch
#Patch172: 0172-tests-linkat-provide-fallback-values-for-secontext-f.patch
#Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch
#Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch
## https://bugzilla.redhat.com/2103068 covscan fixes
# v5.18-5-g2bf0696 "src/xlat: remove remnants of unnecessary idx usage in xlookup"
Patch175: 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch
# v5.18-7-ge604d7b "strauss: tips whitespace and phrasing cleanups"
Patch176: 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch
# v5.18-8-g968789d "strauss: fix off-by-one error in strauss array access"
Patch177: 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch
# v5.18-9-g6d3e97e "util: add offs sanity check to print_clock_t"
Patch178: 0178-util-add-offs-sanity-check-to-print_clock_t.patch
## https://bugzilla.redhat.com/2087693
# v5.18-13-g960e78f "secontext: print context of Unix socket's sun_path field"
Patch179: 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch
# v5.18-18-g676979f "pathtrace, util: do not print " (deleted)" as part of the path"
Patch180: 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch
# v5.18-19-g3f0e534 "secontext: fix expected SELinux context check for unlinked FDs"
Patch181: 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch
## https://bugzilla.redhat.com/2103137
# v5.18-21-g5338636 "tests/bpf: fix sloppy low FD number usage"
Patch182: 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch
### Wire up rseq and kexec_file_load in order to avoid kexec_file_load
### test failure on aarch64. Addresses https://bugzilla.redhat.com/1676045
@ -272,12 +294,14 @@ Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch
Patch2001: 2001-limit-qual_fault-scope-on-aarch64.patch
### RHEL8.2-only: disable ksysent test due to missing rebase
#Patch2002: 2002-disable-ksysent-on-8.2.patch
## RHEL-only: avoid ARRAY_SIZE macro re-definition in libiberty.h
Patch2003: 2003-undef-ARRAY_SIZE.patch
## RHEL-only: glibc-2.32.9000-147-ga16d2abd496bd974a882,
## glibc-2.32.9000-149-gbe9b0b9a012780a403a2 and
## glibc-2.32.9000-207-g9ebaabeaac1a96b0d91f have been backported in RHEL.
Patch2004: 2004-glibc-msgctl-semctl-shmctl-backport-workaround.patch
### RHEL-only: avoid ARRAY_SIZE macro re-definition in libiberty.h
## No longer needed, since upstream commit v5.14~14
#Patch2003: 2003-undef-ARRAY_SIZE.patch
### RHEL-only: glibc-2.32.9000-147-ga16d2abd496bd974a882,
### glibc-2.32.9000-149-gbe9b0b9a012780a403a2 and
### glibc-2.32.9000-207-g9ebaabeaac1a96b0d91f have been backported in RHEL.
## No longer needed, since upstream commit v5.15~9
#Patch2004: 2004-glibc-msgctl-semctl-shmctl-backport-workaround.patch
# We no longer need to build a separate strace32 binary, but we don't want
@ -394,7 +418,7 @@ received by a process.
#%patch147 -p1
#%patch148 -p1
#%patch149 -p1
%patch155 -p1
#%patch155 -p1
#%patch156 -p1
#%patch157 -p1
#%patch158 -p1
@ -402,18 +426,27 @@ received by a process.
#%patch160 -p1
#%patch161 -p1
#%patch162 -p1
%patch163 -p1
%patch164 -p1
%patch165 -p1
%patch166 -p1
%patch167 -p1
%patch168 -p1
%patch169 -p1
%patch170 -p1
%patch171 -p1
%patch172 -p1
%patch173 -p1
%patch174 -p1
#%patch163 -p1
#%patch164 -p1
#%patch165 -p1
#%patch166 -p1
#%patch167 -p1
#%patch168 -p1
#%patch169 -p1
#%patch170 -p1
#%patch171 -p1
#%patch172 -p1
#%patch173 -p1
#%patch174 -p1
%patch175 -p1
%patch176 -p1
%patch177 -p1
%patch178 -p1
%patch179 -p1
%patch180 -p1
%patch181 -p1
%patch182 -p1
#%patch1000 -p1
#%patch1001 -p1
@ -421,15 +454,15 @@ received by a process.
#%patch2000 -p1
%patch2001 -p1
#%patch2002 -p1
%patch2003 -p1
%patch2004 -p1
#%patch2003 -p1
#%patch2004 -p1
chmod a+x tests/*.test
echo -n %version-%release > .tarball-version
echo -n 2020 > .year
echo -n 2021-10-21 > doc/.strace.1.in.date
echo -n 2022 > .year
echo -n 2022-06-22 > doc/.strace.1.in.date
echo -n 2022-06-22 > doc/.strace-log-merge.1.in.date
%build
echo 'BEGIN OF BUILD ENVIRONMENT INFORMATION'
@ -500,6 +533,14 @@ echo 'END OF TEST SUITE INFORMATION'
%{_mandir}/man1/*
%changelog
* Mon Jul 11 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-2
- Fix the issues reported by covscan (#2103068).
- Fix SELinux context matching for the deleted paths (#2087693).
- Fix sloppy FD usage in the bpf test (#2103137).
* Wed Jun 22 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-1
- Rebase to v5.18; drop upstream patches on top of 5.13 (#2084000).
* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-4
- Update tests-m32 and tests-mx32 with --secontext=mismatch option support
changes (#2046259).