import strace-5.13-3.el8
This commit is contained in:
parent
f94aa82e77
commit
b101ac1256
66
SOURCES/0168-m4-fix-st_SELINUX-check.patch
Normal file
66
SOURCES/0168-m4-fix-st_SELINUX-check.patch
Normal file
@ -0,0 +1,66 @@
|
||||
From b8f375c2c8140e759122bca3e3469386d3ba5184 Mon Sep 17 00:00:00 2001
|
||||
From: "Dmitry V. Levin" <ldv@strace.io>
|
||||
Date: Mon, 29 Nov 2021 08:00:00 +0000
|
||||
Subject: [PATCH 168/174] m4: fix st_SELINUX check
|
||||
|
||||
* m4/st_selinux.m4: Make sure selinux support is enabled only if
|
||||
all expected functions are provided by libselinux.
|
||||
|
||||
Fixes: v5.12~49 "Implement --secontext[=full] option to display SELinux contexts"
|
||||
---
|
||||
m4/st_selinux.m4 | 36 ++++++++++++++++--------------------
|
||||
1 file changed, 16 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/m4/st_selinux.m4 b/m4/st_selinux.m4
|
||||
index da72a48..7b24eba 100644
|
||||
--- a/m4/st_selinux.m4
|
||||
+++ b/m4/st_selinux.m4
|
||||
@@ -34,29 +34,25 @@ AS_IF([test "x$with_libselinux" != xno],
|
||||
AS_IF([test "x$found_selinux_h" = xyes],
|
||||
[saved_LDFLAGS="$LDFLAGS"
|
||||
LDFLAGS="$LDFLAGS $libselinux_LDFLAGS"
|
||||
- AC_CHECK_LIB([selinux],[getpidcon],
|
||||
- [libselinux_LIBS="-lselinux"
|
||||
- enable_secontext=yes
|
||||
- ],
|
||||
- [if test "x$with_libselinux" != xcheck; then
|
||||
- AC_MSG_FAILURE([failed to find getpidcon in libselinux])
|
||||
- fi
|
||||
- ]
|
||||
- )
|
||||
- AC_CHECK_LIB([selinux],[getfilecon],
|
||||
- [libselinux_LIBS="-lselinux"
|
||||
- enable_secontext=yes
|
||||
- ],
|
||||
- [if test "x$with_libselinux" != xcheck; then
|
||||
- AC_MSG_FAILURE([failed to find getfilecon in libselinux])
|
||||
- fi
|
||||
- ]
|
||||
+ missing=
|
||||
+ for func in getpidcon getfilecon; do
|
||||
+ AC_CHECK_LIB([selinux], [$func], [:],
|
||||
+ [missing="$missing $func"])
|
||||
+ done
|
||||
+ AS_IF([test "x$missing" = x],
|
||||
+ [libselinux_LIBS="-lselinux"
|
||||
+ enable_secontext=yes
|
||||
+ ],
|
||||
+ [AS_IF([test "x$with_libselinux" != xcheck],
|
||||
+ [AC_MSG_FAILURE([failed to find in libselinux:$missing])]
|
||||
+ )
|
||||
+ ]
|
||||
)
|
||||
LDFLAGS="$saved_LDFLAGS"
|
||||
],
|
||||
- [if test "x$with_libselinux" != xcheck; then
|
||||
- AC_MSG_FAILURE([failed to find selinux.h])
|
||||
- fi
|
||||
+ [AS_IF([test "x$with_libselinux" != xcheck],
|
||||
+ [AC_MSG_FAILURE([failed to find selinux.h])]
|
||||
+ )
|
||||
]
|
||||
)
|
||||
]
|
||||
--
|
||||
2.1.4
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,54 @@
|
||||
From f5fd689e40322a7b08a97eb2d26f192610728230 Mon Sep 17 00:00:00 2001
|
||||
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||
Date: Tue, 18 Jan 2022 16:10:28 +0100
|
||||
Subject: [PATCH 170/174] tests/linkat: reset errno before SELinux context
|
||||
manipulation
|
||||
|
||||
To avoid printing a stale error information in case of mismatch check
|
||||
failure.
|
||||
|
||||
* tests/linkat.c: Include <errno.h>.
|
||||
(main): Add "errno = 0" before update_secontext_field calls.
|
||||
---
|
||||
tests/linkat.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/tests/linkat.c b/tests/linkat.c
|
||||
index 1a869e3..c3e2ee4 100644
|
||||
--- a/tests/linkat.c
|
||||
+++ b/tests/linkat.c
|
||||
@@ -10,6 +10,7 @@
|
||||
#include "tests.h"
|
||||
#include "scno.h"
|
||||
|
||||
+#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@@ -91,6 +92,7 @@ main(void)
|
||||
free(sample_1_secontext);
|
||||
|
||||
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||
+ errno = 0;
|
||||
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
|
||||
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||
|
||||
@@ -112,6 +114,7 @@ main(void)
|
||||
free(sample_1_secontext);
|
||||
#endif
|
||||
|
||||
+ errno = 0;
|
||||
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
|
||||
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||
sample_2_secontext = sample_1_secontext;
|
||||
@@ -142,6 +145,7 @@ main(void)
|
||||
int dfd_old = get_dir_fd(".");
|
||||
char *cwd = get_fd_path(dfd_old);
|
||||
|
||||
+ errno = 0;
|
||||
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
|
||||
char *dfd_old_secontext = SECONTEXT_FILE(".");
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
134
SOURCES/0171-tests-secontext-add-secontext-field-getters.patch
Normal file
134
SOURCES/0171-tests-secontext-add-secontext-field-getters.patch
Normal file
@ -0,0 +1,134 @@
|
||||
From 4951286eb634c00c11883b851c91f3a21975eabd Mon Sep 17 00:00:00 2001
|
||||
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||
Date: Tue, 18 Jan 2022 18:03:57 +0100
|
||||
Subject: [PATCH 171/174] tests/secontext: add secontext field getters
|
||||
|
||||
* tests/secontext.h (get_secontext_field, get_secontext_field_file): New
|
||||
declarations.
|
||||
* tests/secontext.c (get_type_from_context): Rename to...
|
||||
(get_secontext_field): ...this; remove "static" qualifier; add "field"
|
||||
argument, use it.
|
||||
(raw_expected_secontext_short_file, raw_secontext_short_pid): Replace
|
||||
get_type_from_context call with get_secontext_field.
|
||||
(get_secontext_field_file): New function.
|
||||
(raw_secontext_short_file): Replace body with get_secontext_field_file
|
||||
call.
|
||||
---
|
||||
tests/secontext.c | 27 +++++++++++++++------------
|
||||
tests/secontext.h | 20 ++++++++++++++++++++
|
||||
2 files changed, 35 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/tests/secontext.c b/tests/secontext.c
|
||||
index 848eea9..52211ed 100644
|
||||
--- a/tests/secontext.c
|
||||
+++ b/tests/secontext.c
|
||||
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
|
||||
return context;
|
||||
}
|
||||
|
||||
-static char *
|
||||
-get_type_from_context(const char *full_context)
|
||||
+char *
|
||||
+get_secontext_field(const char *full_context, enum secontext_field field)
|
||||
{
|
||||
int saved_errno = errno;
|
||||
|
||||
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
|
||||
char *context = NULL;
|
||||
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
|
||||
token; token = strtok_r(NULL, ":", &saveptr), i++) {
|
||||
- if (i == 2) {
|
||||
+ if (i == field) {
|
||||
context = xstrdup(token);
|
||||
break;
|
||||
}
|
||||
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
|
||||
int saved_errno = errno;
|
||||
|
||||
char *ctx = raw_expected_secontext_full_file(filename);
|
||||
- char *type = get_type_from_context(ctx);
|
||||
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
|
||||
free(ctx);
|
||||
|
||||
errno = saved_errno;
|
||||
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
|
||||
return full_secontext;
|
||||
}
|
||||
|
||||
-static char *
|
||||
-raw_secontext_short_file(const char *filename)
|
||||
+char *
|
||||
+get_secontext_field_file(const char *file, enum secontext_field field)
|
||||
{
|
||||
- int saved_errno = errno;
|
||||
-
|
||||
- char *ctx = raw_secontext_full_file(filename);
|
||||
- char *type = get_type_from_context(ctx);
|
||||
+ char *ctx = raw_secontext_full_file(file);
|
||||
+ char *type = get_secontext_field(ctx, field);
|
||||
free(ctx);
|
||||
|
||||
- errno = saved_errno;
|
||||
return type;
|
||||
}
|
||||
|
||||
static char *
|
||||
+raw_secontext_short_file(const char *filename)
|
||||
+{
|
||||
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
|
||||
+}
|
||||
+
|
||||
+static char *
|
||||
raw_secontext_full_pid(pid_t pid)
|
||||
{
|
||||
int saved_errno = errno;
|
||||
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
|
||||
int saved_errno = errno;
|
||||
|
||||
char *ctx = raw_secontext_full_pid(pid);
|
||||
- char *type = get_type_from_context(ctx);
|
||||
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
|
||||
free(ctx);
|
||||
|
||||
errno = saved_errno;
|
||||
diff --git a/tests/secontext.h b/tests/secontext.h
|
||||
index 1d0251a..e5571d5 100644
|
||||
--- a/tests/secontext.h
|
||||
+++ b/tests/secontext.h
|
||||
@@ -23,6 +23,15 @@ enum secontext_field {
|
||||
|
||||
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
|
||||
|
||||
+/**
|
||||
+ * Parse a SELinux context string and return a specified field, duplicated
|
||||
+ * in a separate string. The caller is responsible for freeing the memory
|
||||
+ * pointed by the returned value.
|
||||
+ */
|
||||
+char *get_secontext_field(const char *full_context, enum secontext_field field);
|
||||
+
|
||||
+char *get_secontext_field_file(const char *file, enum secontext_field field);
|
||||
+
|
||||
void update_secontext_field(const char *file, enum secontext_field field,
|
||||
const char *newvalue);
|
||||
|
||||
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
|
||||
|
||||
#else
|
||||
|
||||
+static inline char *
|
||||
+get_secontext_field(const char *ctx, enum secontext_field field)
|
||||
+{
|
||||
+ return NULL;
|
||||
+}
|
||||
+static inline char *
|
||||
+get_secontext_field_file(const char *file, enum secontext_field field)
|
||||
+{
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
static inline void
|
||||
update_secontext_field(const char *file, enum secontext_field field,
|
||||
const char *newvalue)
|
||||
--
|
||||
2.1.4
|
||||
|
@ -0,0 +1,71 @@
|
||||
From 97e2742a7f1e6e113354911d04505ada3bfb5d70 Mon Sep 17 00:00:00 2001
|
||||
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||
Date: Tue, 18 Jan 2022 18:04:42 +0100
|
||||
Subject: [PATCH 172/174] tests/linkat: provide fallback values for secontext
|
||||
fields changes
|
||||
|
||||
* tests/linkat.c (mangle_secontext_field): New function.
|
||||
(main): Replace calls to update_secontext_field
|
||||
with mangle_secontext_field calls.
|
||||
---
|
||||
tests/linkat.c | 23 ++++++++++++++++++++---
|
||||
1 file changed, 20 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/tests/linkat.c b/tests/linkat.c
|
||||
index c3e2ee4..decb736 100644
|
||||
--- a/tests/linkat.c
|
||||
+++ b/tests/linkat.c
|
||||
@@ -21,6 +21,20 @@
|
||||
#include "secontext.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
+static void
|
||||
+mangle_secontext_field(const char *path, enum secontext_field field,
|
||||
+ const char *new_val, const char *fallback_val)
|
||||
+{
|
||||
+ char *orig = get_secontext_field_file(path, field);
|
||||
+ if (!orig)
|
||||
+ return;
|
||||
+
|
||||
+ update_secontext_field(path, field,
|
||||
+ strcmp(new_val, orig) ? new_val : fallback_val);
|
||||
+
|
||||
+ free(orig);
|
||||
+}
|
||||
+
|
||||
int
|
||||
main(void)
|
||||
{
|
||||
@@ -93,7 +107,8 @@ main(void)
|
||||
|
||||
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||
errno = 0;
|
||||
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
|
||||
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
|
||||
+ "unconfined_u");
|
||||
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||
|
||||
# ifdef PRINT_SECONTEXT_FULL
|
||||
@@ -115,7 +130,8 @@ main(void)
|
||||
#endif
|
||||
|
||||
errno = 0;
|
||||
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
|
||||
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
|
||||
+ "unconfined_t");
|
||||
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||
sample_2_secontext = sample_1_secontext;
|
||||
|
||||
@@ -146,7 +162,8 @@ main(void)
|
||||
char *cwd = get_fd_path(dfd_old);
|
||||
|
||||
errno = 0;
|
||||
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
|
||||
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
|
||||
+ "unconfined_t");
|
||||
char *dfd_old_secontext = SECONTEXT_FILE(".");
|
||||
|
||||
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||
--
|
||||
2.1.4
|
||||
|
@ -0,0 +1,31 @@
|
||||
From 6e8aa3749cb7e11e9a59db996f79f036bf7ef263 Mon Sep 17 00:00:00 2001
|
||||
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||
Date: Tue, 18 Jan 2022 18:05:19 +0100
|
||||
Subject: [PATCH 173/174] tests/secontext: eliminate separate secontext_format
|
||||
declaration
|
||||
|
||||
* tests/secontext.c (secontext_format): Remove declaration, supply
|
||||
the attributes to the definition.
|
||||
---
|
||||
tests/secontext.c | 5 +----
|
||||
1 file changed, 1 insertion(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tests/secontext.c b/tests/secontext.c
|
||||
index 52211ed..ba271c8 100644
|
||||
--- a/tests/secontext.c
|
||||
+++ b/tests/secontext.c
|
||||
@@ -23,10 +23,7 @@
|
||||
# define TEST_SECONTEXT
|
||||
# include "secontext.h"
|
||||
|
||||
-static char *
|
||||
-secontext_format(char *context, const char *fmt)
|
||||
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
|
||||
-
|
||||
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
|
||||
static char *
|
||||
secontext_format(char *context, const char *fmt)
|
||||
{
|
||||
--
|
||||
2.1.4
|
||||
|
@ -0,0 +1,76 @@
|
||||
From 78a81bcfb71ef3d9f6e8b1a32e123fbbc6112a60 Mon Sep 17 00:00:00 2001
|
||||
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||
Date: Tue, 18 Jan 2022 18:24:34 +0100
|
||||
Subject: [PATCH 174/174] tests/linkat: reset context to the expected one if a
|
||||
mismatch has been detected
|
||||
|
||||
* tests/secontext.h (reset_secontext_file): New declaration.
|
||||
* tests/secontext.c (reset_secontext_file): New function.
|
||||
* tests/linkat.c (main): Check that there is no initial mismatch
|
||||
in the sample_1 context, reset it otherwise.
|
||||
---
|
||||
tests/linkat.c | 3 +++
|
||||
tests/secontext.c | 7 +++++++
|
||||
tests/secontext.h | 7 +++++++
|
||||
3 files changed, 17 insertions(+)
|
||||
|
||||
diff --git a/tests/linkat.c b/tests/linkat.c
|
||||
index decb736..781b85a 100644
|
||||
--- a/tests/linkat.c
|
||||
+++ b/tests/linkat.c
|
||||
@@ -103,6 +103,9 @@ main(void)
|
||||
if (close(fd_sample_2))
|
||||
perror_msg_and_fail("close");
|
||||
|
||||
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
|
||||
+ reset_secontext_file(sample_1);
|
||||
+
|
||||
free(sample_1_secontext);
|
||||
|
||||
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||
diff --git a/tests/secontext.c b/tests/secontext.c
|
||||
index ba271c8..94fadd4 100644
|
||||
--- a/tests/secontext.c
|
||||
+++ b/tests/secontext.c
|
||||
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
|
||||
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
|
||||
}
|
||||
|
||||
+void reset_secontext_file(const char *file)
|
||||
+{
|
||||
+ char *proper_ctx = raw_expected_secontext_full_file(file);
|
||||
+ (void) setfilecon(file, proper_ctx);
|
||||
+ free(proper_ctx);
|
||||
+}
|
||||
+
|
||||
void
|
||||
update_secontext_field(const char *file, enum secontext_field field,
|
||||
const char *newvalue)
|
||||
diff --git a/tests/secontext.h b/tests/secontext.h
|
||||
index e5571d5..387263e 100644
|
||||
--- a/tests/secontext.h
|
||||
+++ b/tests/secontext.h
|
||||
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
|
||||
|
||||
char *get_secontext_field_file(const char *file, enum secontext_field field);
|
||||
|
||||
+void reset_secontext_file(const char *file);
|
||||
+
|
||||
void update_secontext_field(const char *file, enum secontext_field field,
|
||||
const char *newvalue);
|
||||
|
||||
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
|
||||
}
|
||||
|
||||
static inline void
|
||||
+reset_secontext_file(const char *file)
|
||||
+{
|
||||
+}
|
||||
+
|
||||
+static inline void
|
||||
update_secontext_field(const char *file, enum secontext_field field,
|
||||
const char *newvalue)
|
||||
{
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: Tracks and displays system calls associated with a running process
|
||||
Name: strace
|
||||
Version: 5.13
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
# The test suite is GPLv2+, all the rest is LGPLv2.1+.
|
||||
License: LGPL-2.1+ and GPL-2.0+
|
||||
Group: Development/Debuggers
|
||||
@ -248,6 +248,16 @@ Patch166: 0166-tee-rewrite-num_params-access-in-tee_fetch_buf_data.patch
|
||||
# v5.15~1 "print_ifindex: fix IFNAME_QUOTED_SZ definition"
|
||||
Patch167: 0167-print_ifindex-fix-IFNAME_QUOTED_SZ-definition.patch
|
||||
|
||||
# v5.15~18 "m4: fix st_SELINUX check"
|
||||
Patch168: 0168-m4-fix-st_SELINUX-check.patch
|
||||
# v5.16~31 "Implement displaying of expected context upon mismatch"
|
||||
Patch169: 0169-Implement-displaying-of-expected-context-upon-mismat.patch
|
||||
Patch170: 0170-tests-linkat-reset-errno-before-SELinux-context-mani.patch
|
||||
Patch171: 0171-tests-secontext-add-secontext-field-getters.patch
|
||||
Patch172: 0172-tests-linkat-provide-fallback-values-for-secontext-f.patch
|
||||
Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch
|
||||
Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch
|
||||
|
||||
### Wire up rseq and kexec_file_load in order to avoid kexec_file_load
|
||||
### test failure on aarch64. Addresses https://bugzilla.redhat.com/1676045
|
||||
### ("strace: FTBFS in Fedora rawhide/f30").
|
||||
@ -397,6 +407,13 @@ received by a process.
|
||||
%patch165 -p1
|
||||
%patch166 -p1
|
||||
%patch167 -p1
|
||||
%patch168 -p1
|
||||
%patch169 -p1
|
||||
%patch170 -p1
|
||||
%patch171 -p1
|
||||
%patch172 -p1
|
||||
%patch173 -p1
|
||||
%patch174 -p1
|
||||
|
||||
#%patch1000 -p1
|
||||
#%patch1001 -p1
|
||||
@ -483,6 +500,9 @@ echo 'END OF TEST SUITE INFORMATION'
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Wed Jan 19 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-3
|
||||
- Add --secontext=mismatch option support (#2038810).
|
||||
|
||||
* Wed Jan 05 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-2
|
||||
- Fix incorrect ifname printing buffer size (#2028158).
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user