From c32cef440fa99149b29c4f1633bdab1ed5046aef Mon Sep 17 00:00:00 2001 
From: Eugene Syromiatnikov Date: Wed, 13 Jul 2022 13:07:07 +0200 Subject: [PATCH] Fix post-rebase issues - Add 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch (v5.18-5-g2bf0696 "src/xlat: remove remnants of unnecessary idx usage in xlookup") - Add 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch (v5.18-7-ge604d7b "strauss: tips whitespace and phrasing cleanups") - Add 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch (v5.18-8-g968789d "strauss: fix off-by-one error in strauss array access") - Add 0178-util-add-offs-sanity-check-to-print_clock_t.patch (v5.18-9-g6d3e97e "util: add offs sanity check to print_clock_t") - Add 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch (v5.18-13-g960e78f "secontext: print context of Unix socket's sun_path field") - Add 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch (v5.18-18-g676979f "pathtrace, util: do not print " (deleted)" as part of the path") - Add 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch (v5.18-19-g3f0e534 "secontext: fix expected SELinux context check for unlinked FDs") - Add 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch (v5.18-21-g5338636 "tests/bpf: fix sloppy low FD number usage") * 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch: New patch. * 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch: Likewise. * 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch: Likewise. * 0178-util-add-offs-sanity-check-to-print_clock_t.patch: Likewise. * 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch: Likewise. * 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch: Likewise. * 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch: Likewise. * 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch: Likewise. * strace.spec (Release): Bump to 2. (Patch175, Patch176, Patch177, Patch178, Patch179, Patch180, Patch181, Patch182): Add. (%prep): Apply them.
(%changelog): New record about 5.18-2. Resolves: #2087693 Resolves: #2103068 Resolves: #2103032 Signed-off-by: Eugene Syromiatnikov
---
 ...remnants-of-unnecessary-idx-usage-in.patch | 58 ++
 ...ips-whitespace-and-phrasing-cleanups.patch | 56 ++
 ...by-one-error-in-strauss-array-access.patch | 48 +
 ...d-offs-sanity-check-to-print_clock_t.patch | 62 ++
 ...context-of-Unix-socket-s-sun_path-fi.patch | 882 ++++++++++++++++++
 ...o-not-print-deleted-as-part-of-the-p.patch | 374 ++++++++
 ...pected-SELinux-context-check-for-unl.patch | 209 +++++
 ...s-bpf-fix-sloppy-low-FD-number-usage.patch | 70 ++
 strace.spec | 43 +-
 9 files changed, 1800 insertions(+), 2 deletions(-)
 create mode 100644 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch
 create mode 100644 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch
 create mode 100644 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch
 create mode 100644 0178-util-add-offs-sanity-check-to-print_clock_t.patch
 create mode 100644 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch
 create mode 100644 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch
 create mode 100644 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch
 create mode 100644 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch
diff --git a/0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch b/0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch
new file mode 100644
index 0000000..a393a8e
--- /dev/null
+++ b/0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch
@@ -0,0 +1,58 @@
+From 2bf069698a384ff2bc62d2a10544d49d766b4d7f Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov
+Date: Mon, 27 Jun 2022 18:00:17 +0200
+Subject: [PATCH] src/xlat: remove remnants of unnecessary idx usage in xlookup
+
+As there is no idx saving between calls anymore, there's no need to use
+(and update) idx in the XT_SORTED case. Reported by clang as a dead store:
+
+ Error: CLANG_WARNING:
+ strace-5.18/src/xlat.c:84:4: warning[deadcode.DeadStores]: Value stored to 'idx' is never read
+
+* src/xlat.c (xlookup): Remove idx declaration; declare idx inside
+of the for loop in the XT_NORMAL case; do not offset x->data and x->size
+by offs in the XT_SORTED case and do not update idx upon successful
+lookup.
+
+Complements: v5.15~164 "xlat: no longer interpret NULL xlat as continuation"
+---
+ src/xlat.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+Index: strace-5.18/src/xlat.c
+===================================================================
+--- strace-5.18.orig/src/xlat.c 2022-07-12 17:11:52.660927011 +0200
++++ strace-5.18/src/xlat.c 2022-07-12 17:16:18.116794139 +0200
+@@ -61,7 +61,6 @@
+ const char *
+ xlookup(const struct xlat *x, const uint64_t val)
+ {
+- size_t idx = 0;
+ const struct xlat_data *e;
+
+ if (!x || !x->data)
+@@ -69,21 +68,18 @@
+
+ switch (x->type) {
+ case XT_NORMAL:
+- for (; idx < x->size; idx++)
++ for (size_t idx = 0; idx < x->size; idx++)
+ if (x->data[idx].val == val)
+ return x->data[idx].str;
+ break;
+
+ case XT_SORTED:
+ e = bsearch((const void *) &val,
+- x->data + idx,
+- x->size - idx,
++ x->data, x->size,
+ sizeof(x->data[0]),
+ xlat_bsearch_compare);
+- if (e) {
+- idx = e - x->data;
++ if (e)
+ return e->str;
+- }
+ break;
+
+ case XT_INDEXED:
diff --git a/0176-strauss-tips-whitespace-and-phrasing-cleanups.patch b/0176-strauss-tips-whitespace-and-phrasing-cleanups.patch
new file mode 100644
index 0000000..1c132f9
--- /dev/null
+++ b/0176-strauss-tips-whitespace-and-phrasing-cleanups.patch 
@@ -0,0 +1,56 @@
+From e604d7bfd18cf5f29e6723091cc1db2945c918c9 Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov
+Date: Tue, 28 Jun 2022 16:46:53 +0200
+Subject: [PATCH] strauss: tips whitespace and phrasing cleanups
+
+* src/strauss.c (tips_tricks_tweaks): Fix some whitespace and phrasing
+issues.
+---
+ src/strauss.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+Index: strace-5.18/src/strauss.c
+===================================================================
+--- strace-5.18.orig/src/strauss.c 2022-07-12 17:17:08.712197019 +0200
++++ strace-5.18/src/strauss.c 2022-07-12 17:17:20.685055717 +0200
+@@ -128,8 +128,8 @@
+ { "strace is about as old as the Linux kernel.",
+ "It has been originally written for SunOS",
+ "by Paul Kranenburg in 1991. The support",
+- "for all OSes except Linux has been dropped",
+- "since 2012, though, in strace 4.7." },
++ "for all OSes except Linux was dropped"
++ "in 2012, though, in strace 4.7." },
+ { "strace is able to decode netlink messages.",
+ "It does so automatically for I/O performed",
+ "on netlink sockets. Try it yourself:", "",
+@@ -187,7 +187,7 @@
+ "want to try --seccomp-bpf option, maybe you",
+ "will feel better." },
+ { "-v is a shorthand for -e abbrev=none and not",
+- " for -e verbose=all. It is idiosyncratic,",
++ "for -e verbose=all. It is idiosyncratic,",
+ "but it is the historic behaviour." },
+ { "strace uses netlink for printing",
+ "protocol-specific information about socket",
+@@ -254,7 +254,7 @@
+ "by invoking it with the following options:", "",
+ " strace -DDDqqq -enone --signal=none" },
+ { "Historically, supplying -o option to strace",
+- "led to silencing of messages about tracee",
++ "leads to silencing of messages about tracee",
+ "attach/detach and personality changes.",
+ "It can be now overridden with --quiet=none",
+ "option." },
+@@ -285,8 +285,9 @@
+ "will trace all syscalls related to accessing",
+ "and modifying process's user/group IDs",
+ "and capability sets. Other pre-defined",
+- "syscall classes include %clock, %desc,%file,",
+- "%ipc,%memory, %net,%process, and %signal." },
++ "syscall classes include %clock, %desc,"
++ "%file, %ipc, %memory, %net, %process,"
++ "and %signal." },
+ { "Trying to figure out communication between",
+ "tracees inside a different PID namespace",
+ "(in so-called \"containers\", for example)?",
diff --git a/0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch b/0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch
new file mode 100644
index 0000000..3faa9a4
--- /dev/null
+++ b/0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch
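Review bot: In the src/strauss.c change carried by 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch, two of the rewritten tips lose the comma between adjacent string literals, so the compiler concatenates them into one row: `"for all OSes except Linux was dropped"` is followed directly by `"in 2012, though, in strace 4.7."`, and the three added lines starting at `"syscall classes include %clock, %desc,"` have no separators either. As shown, that yields a single over-long entry with no space at the joins (`droppedin`, `%desc,%file`, `%process,and`) instead of separate rows. Each literal should keep its trailing comma, e.g. `"for all OSes except Linux was dropped",` and `"%file, %ipc, %memory, %net, %process,",`. The `tips_tricks_tweaks` initializer begins and ends outside these hunks, so how an over-long row is laid out when printed cannot be confirmed from here.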
@@ -0,0 +1,48 @@
+From 968789d5426442ac43b96eabd65f3e5c0c141e62 Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov
+Date: Tue, 28 Jun 2022 16:47:56 +0200
+Subject: [PATCH] strauss: fix off-by-one error in strauss array access
+
+It has to be limited with strauss_lines - 1, not strauss_lines.
+Reported by covscan:
+
+ Error: OVERRUN (CWE-119):
+ strace-5.18/src/strauss.c:380: cond_at_least: Checking "4UL + i < 37UL"
+ implies that "i" is at least 33 on the false branch.
+ strace-5.18/src/strauss.c:380: overrun-local: Overrunning array "strauss"
+ of 37 8-byte elements at element index 37 (byte offset 303) using index
+ "(4UL + i < 37UL) ? 4UL + i : 37UL" (which evaluates to 37).
+
+* src/strauss.c (print_totd): Limit strauss array accesses to
+strauss_lines - 1 instead of strauss_lines.
+---
+ src/strauss.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/strauss.c b/src/strauss.c
+index 98af183..b22ab6a 100644
+--- a/src/strauss.c
++++ b/src/strauss.c
+@@ -373,16 +373,16 @@ print_totd(void)
+ tip_left[MIN(i + 1, ARRAY_SIZE(tip_left) - 1)],
+ w, w, tips_tricks_tweaks[id][i] ?: "",
+ tip_right[MIN(i + 1, ARRAY_SIZE(tip_right) - 1)],
+- strauss[MIN(3 + i, strauss_lines)]);
++ strauss[MIN(3 + i, strauss_lines - 1)]);
+ }
+ fprintf(stderr, "%s%s\n",
+- tip_bottom, strauss[MIN(3 + i, strauss_lines)]);
++ tip_bottom, strauss[MIN(3 + i, strauss_lines - 1)]);
+ do {
+ fprintf(stderr, "%*s%*s%*s%s\n",
+ (int) strlen(tip_left[0]), "",
+ w, "",
+ (int) strlen(tip_right[0]), "",
+- strauss[MIN(4 + i, strauss_lines)]);
++ strauss[MIN(4 + i, strauss_lines - 1)]);
+ } while ((show_tips == TIPS_FULL) && (4 + ++i < strauss_lines));
+
+ printed = true;
+--
+2.1.4
+
diff --git a/0178-util-add-offs-sanity-check-to-print_clock_t.patch b/0178-util-add-offs-sanity-check-to-print_clock_t.patch
new file mode 100644
index 0000000..1924ea1
--- /dev/null
+++ b/0178-util-add-offs-sanity-check-to-print_clock_t.patch
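Review bot: The clamp `MIN(N + i, strauss_lines - 1)` is now spelled out three times in print_totd (src/strauss.c, inside 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch), which is how a single off-by-one became three out-of-bounds reads; keeping the bound in one place would prevent a repeat. Assuming the elements are `const char *`, a helper such as `static const char *strauss_line(size_t n) { return strauss[MIN(n, strauss_lines - 1)]; }` would do. The `- 1` also relies on `strauss_lines` being non-zero and equal to the element count of `strauss` (37 according to the covscan report); neither is visible in the hunk, so a compile-time assertion next to the array definition would be worth adding. print_totd starts and ends outside the hunk.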
@@ -0,0 +1,62 @@
+From 6d3e97e83a7d61cbb2f5109efb4b519383a55712 Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov
+Date: Tue, 28 Jun 2022 16:55:49 +0200
+Subject: [PATCH] util: add offs sanity check to print_clock_t
+
+While it is not strictly needed right now, the code that uses
+the calculated offs value lacks any checks for possible buf overruns,
+which is not defensive enough, so let's add them. Reported by covscan:
+
+ Error: OVERRUN (CWE-119):
+ strace-5.18/src/util.c:248: assignment: Assigning:
+ "offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
+ 16 and 31 (inclusive).
+ strace-5.18/src/util.c:249: overrun-local: Overrunning array of 30 bytes
+ at byte offset 31 by dereferencing pointer "buf + offs". [Note: The source
+ code implementation of the function has been overridden by a builtin model.]
+
+ Error: OVERRUN (CWE-119):
+ strace-5.18/src/util.c:248: assignment: Assigning:
+ "offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
+ 16 and 31 (inclusive).
+ strace-5.18/src/util.c:253: overrun-buffer-arg: Overrunning array "buf"
+ of 30 bytes by passing it to a function which accesses it at byte offset
+ 32 using argument "offs + 2UL" (which evaluates to 33). [Note: The source
+ code implementation of the function has been overridden by a builtin model.]
+
+ Error: OVERRUN (CWE-119):
+ strace-5.18/src/util.c:248: assignment: Assigning:
+ "offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
+ 16 and 31 (inclusive).
+ strace-5.18/src/util.c:254: overrun-local: Overrunning array "buf"
+ of 30 bytes at byte offset 32 using index "offs + 1UL" (which evaluates
+ to 32).
+
+* src/util.c (print_clock_t): Add check that offs is small enough
+for it and "offs + 2" not to overrun buf.
+---
+ src/util.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/util.c b/src/util.c
+index 5f87acb..93aa7b3 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -246,6 +246,14 @@ print_clock_t(uint64_t val)
+ */
+ char buf[sizeof(uint64_t) * 3 + sizeof("0.0 s")];
+ size_t offs = ilog10(val / clk_tck);
++ /*
++ * This check is mostly to appease covscan, which thinks
++ * that offs can go as high as 31 (it cannot), but since
++ * there is no proper sanity checks against offs overrunning
++ * buf down the code, it may as well be here.
++ */
++ if (offs > (sizeof(buf) - sizeof("0.0 s")))
++ return;
+ int ret = snprintf(buf + offs, sizeof(buf) - offs, "%.*f s",
+ frac_width,
+ (double) (val % clk_tck) / clk_tck);
+--
+2.1.4
+
diff --git a/0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch b/0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch
new file mode 100644
index 0000000..1bf7cb7
--- /dev/null
+++ b/0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch
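Review bot: The new guard in print_clock_t (src/util.c, inside 0178-util-add-offs-sanity-check-to-print_clock_t.patch) bails out with a bare `return;`, so if it ever fires the formatted value is dropped without any trace. Whether `val` has already been printed in raw form by that point is not visible in the hunk, because the function starts and ends outside it. The bound is derived from `sizeof("0.0 s")`, i.e. one fractional digit, while the format prints `frac_width` digits; the `sizeof(buf) - offs` argument still bounds the snprintf write, so a wider fraction can only truncate. The comment should therefore say that the check protects the later `offs + 1` / `offs + 2` accesses named in the covscan report, not the snprintf. I would also record why it is not expected to trigger, e.g. `/* a uint64_t has at most 20 decimal digits; buf reserves sizeof(uint64_t) * 3 bytes for them */`.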
@@ -0,0 +1,882 @@ +From 960e78f208b4f6d48962bbc9cad45588cc8c90ad Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Tue, 21 Jun 2022 08:43:00 +0200 +Subject: [PATCH] secontext: print context of Unix socket's sun_path field +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Renaud Métrich + +* src/sockaddr.c: Include "secontext.h". +(print_sockaddr_data_un): Print the SELinux context of sun_path field +using selinux_printfilecon. +* NEWS: Mention this change. +* tests/secontext.c (raw_secontext_full_fd, get_secontext_field_fd, +raw_secontext_short_fd, secontext_full_fd, secontext_short_fd): New +functions. +* tests/secontext.h (secontext_full_fd, secontext_short_fd, +get_secontext_field_fd): New prototypes. +(SECONTEXT_FD): New macro. +* tests/sockname.c: Include "secontext.h". +(test_sockname_syscall): Update expected output. +* tests/gen_tests.in (getsockname--secontext, +getsockname--secontext_full, getsockname--secontext_full_mismatch, +getsockname--secontext_mismatch): New tests. + +Resolves: https://github.com/strace/strace/pull/214 +--- + NEWS | 1 + + src/sockaddr.c | 3 +++ + tests/gen_tests.in | 4 ++++ + tests/secontext.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ + tests/secontext.h | 12 ++++++++++++ + tests/sockname.c | 54 +++++++++++++++++++++++++++++++++++------------------- + 6 files changed, 104 insertions(+), 19 deletions(-) + +Index: strace-5.18/NEWS +=================================================================== +--- strace-5.18.orig/NEWS 2022-07-12 18:20:18.495470531 +0200 ++++ strace-5.18/NEWS 2022-07-12 18:20:44.531163262 +0200 +@@ -5,6 +5,7 @@ + * Added an interface of raising des Strausses awareness. + * Added --tips option to print strace tips, tricks, and tweaks + at the end of the tracing session. ++ * Implemented printing of Unix socket sun_path field's SELinux context. + * Enhanced decoding of bpf and io_uring_register syscalls. 
+ * Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl + commands. +Index: strace-5.18/src/sockaddr.c +=================================================================== +--- strace-5.18.orig/src/sockaddr.c 2022-07-12 18:17:36.745379483 +0200 ++++ strace-5.18/src/sockaddr.c 2022-07-12 18:20:18.495470531 +0200 +@@ -63,6 +63,8 @@ + #include "xlat/mctp_addrs.h" + #include "xlat/mctp_nets.h" + ++#include "secontext.h" ++ + #define SIZEOF_SA_FAMILY sizeof_field(struct sockaddr, sa_family) + + struct sockaddr_rxrpc { +@@ -115,6 +117,7 @@ + if (sa_un->sun_path[0]) { + print_quoted_string(sa_un->sun_path, path_len + 1, + QUOTE_0_TERMINATED); ++ selinux_printfilecon(tcp, sa_un->sun_path); + } else { + tprints("@"); + print_quoted_string(sa_un->sun_path + 1, path_len - 1, 0); +Index: strace-5.18/tests/gen_tests.in +=================================================================== +--- strace-5.18.orig/tests/gen_tests.in 2022-07-12 18:17:36.746379471 +0200 ++++ strace-5.18/tests/gen_tests.in 2022-07-12 18:20:18.496470519 +0200 +@@ -225,6 +225,10 @@ + getsid -a10 + getsid--pidns-translation test_pidns -e trace=getsid -a10 + getsockname -a27 ++getsockname--secontext -a27 --secontext -e trace=getsockname ++getsockname--secontext_full -a27 --secontext=full -e trace=getsockname ++getsockname--secontext_full_mismatch -a27 --secontext=full,mismatch -e trace=getsockname ++getsockname--secontext_mismatch -a27 --secontext=mismatch -e trace=getsockname + gettid -a9 + getuid-creds +getuid.test + getuid32 +getuid.test +Index: strace-5.18/tests/secontext.c +=================================================================== +--- strace-5.18.orig/tests/secontext.c 2022-07-12 18:17:36.747379459 +0200 ++++ strace-5.18/tests/secontext.c 2022-07-12 18:20:18.496470519 +0200 +@@ -141,6 +141,21 @@ + return full_secontext; + } + ++static char * ++raw_secontext_full_fd(int fd) ++{ ++ int saved_errno = errno; ++ char *full_secontext = NULL; ++ char *secontext; ++ ++ if 
(fgetfilecon(fd, &secontext) >= 0) { ++ full_secontext = strip_trailing_newlines(xstrdup(secontext)); ++ freecon(secontext); ++ } ++ errno = saved_errno; ++ return full_secontext; ++} ++ + char * + get_secontext_field_file(const char *file, enum secontext_field field) + { +@@ -151,6 +166,16 @@ + return type; + } + ++char * ++get_secontext_field_fd(int fd, enum secontext_field field) ++{ ++ char *ctx = raw_secontext_full_fd(fd); ++ char *type = get_secontext_field(ctx, field); ++ free(ctx); ++ ++ return type; ++} ++ + static char * + raw_secontext_short_file(const char *filename) + { +@@ -158,6 +183,12 @@ + } + + static char * ++raw_secontext_short_fd(int fd) ++{ ++ return get_secontext_field_fd(fd, SECONTEXT_TYPE); ++} ++ ++static char * + raw_secontext_full_pid(pid_t pid) + { + int saved_errno = errno; +@@ -205,6 +236,15 @@ + } + + char * ++secontext_full_fd(int fd) ++{ ++ int saved_errno = errno; ++ char *context = raw_secontext_full_fd(fd); ++ errno = saved_errno; ++ return FORMAT_SPACE_BEFORE(context); ++} ++ ++char * + secontext_full_pid(pid_t pid) + { + return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid)); +@@ -228,6 +268,15 @@ + errno = saved_errno; + return FORMAT_SPACE_BEFORE(context); + } ++ ++char * ++secontext_short_fd(int fd) ++{ ++ int saved_errno = errno; ++ char *context = raw_secontext_short_fd(fd); ++ errno = saved_errno; ++ return FORMAT_SPACE_BEFORE(context); ++} + + char * + secontext_short_pid(pid_t pid) +Index: strace-5.18/tests/secontext.h +=================================================================== +--- strace-5.18.orig/tests/secontext.h 2022-07-12 18:17:36.747379459 +0200 ++++ strace-5.18/tests/secontext.h 2022-07-12 18:20:18.496470519 +0200 +@@ -9,9 +9,11 @@ + #include "xmalloc.h" + #include + ++char *secontext_full_fd(int) ATTRIBUTE_MALLOC; + char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC; + char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC; + ++char *secontext_short_fd(int) ATTRIBUTE_MALLOC; + char 
*secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC; + char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC; + +@@ -30,6 +32,7 @@ + */ + char *get_secontext_field(const char *full_context, enum secontext_field field); + ++char *get_secontext_field_fd(int fd, enum secontext_field field); + char *get_secontext_field_file(const char *file, enum secontext_field field); + + void reset_secontext_file(const char *file); +@@ -44,6 +47,7 @@ + # else + # define SECONTEXT_FILE(filename) secontext_full_file(filename, false) + # endif ++# define SECONTEXT_FD(fd) secontext_full_fd(fd) + # define SECONTEXT_PID(pid) secontext_full_pid(pid) + + # else +@@ -53,6 +57,7 @@ + # else + # define SECONTEXT_FILE(filename) secontext_short_file(filename, false) + # endif ++# define SECONTEXT_FD(fd) secontext_short_fd(fd) + # define SECONTEXT_PID(pid) secontext_short_pid(pid) + + # endif +@@ -65,6 +70,12 @@ + return NULL; + } + static inline char * ++get_secontext_field_fd(int fd, enum secontext_field field) ++{ ++ return NULL; ++} ++ ++static inline char * + get_secontext_field_file(const char *file, enum secontext_field field) + { + return NULL; +@@ -81,6 +92,7 @@ + { + } + ++# define SECONTEXT_FD(fd) xstrdup("") + # define SECONTEXT_FILE(filename) xstrdup("") + # define SECONTEXT_PID(pid) xstrdup("") + +Index: strace-5.18/tests/sockname.c +=================================================================== +--- strace-5.18.orig/tests/sockname.c 2022-07-12 18:17:36.748379448 +0200 ++++ strace-5.18/tests/sockname.c 2022-07-12 18:20:18.496470519 +0200 +@@ -18,6 +18,8 @@ + #include + #include + ++#include "secontext.h" ++ + #ifndef TEST_SYSCALL_NAME + # error TEST_SYSCALL_NAME must be defined + #endif +@@ -59,14 +61,19 @@ + *plen = sizeof(struct sockaddr_un); + struct sockaddr_un *addr = tail_alloc(*plen); + ++ char *my_secontext = SECONTEXT_PID_MY(); ++ char *fd_secontext = SECONTEXT_FD(fd); ++ + PREPARE_TEST_SYSCALL_INVOCATION; + int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) 
addr, + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" + ", [%d => %d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, ++ addr->sun_path, SECONTEXT_FILE(addr->sun_path), + (int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc); + + memset(addr, 0, sizeof(*addr)); +@@ -75,28 +82,34 @@ + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" + ", [%d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, ++ addr->sun_path, SECONTEXT_FILE(addr->sun_path), + (int) *plen, SUFFIX_STR, rc); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS); +- printf("%s(%d%s, %p, NULL%s) = %s\n", +- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR, +- sprintrc(rc)); ++ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, ++ addr, SUFFIX_STR, sprintrc(rc)); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS); +- printf("%s(%d%s, NULL, NULL%s) = %s\n", +- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR, ++ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, ++ rc == -1 ? 
PREFIX_F_STR : PREFIX_S_STR, + SUFFIX_STR, sprintrc(rc)); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, + plen + 1 SUFFIX_ARGS); +- printf("%s(%d%s, %p, %p%s) = %s\n", +- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, ++ printf("%s%s(%d%s%s, %p, %p%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr, + plen + 1, SUFFIX_STR, sprintrc(rc)); + + const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path); +@@ -108,8 +121,9 @@ + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + (int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc); + + ++addr; +@@ -121,17 +135,19 @@ + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}" ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}" + ", [%d => %d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + (int) (sizeof(struct sockaddr) - offsetof_sun_path), +- addr->sun_path, (int) sizeof(struct sockaddr), +- (int) *plen, SUFFIX_STR, rc); ++ addr->sun_path, SECONTEXT_FILE(addr->sun_path), ++ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, + plen SUFFIX_ARGS); +- printf("%s(%d%s, %p, [%d]%s) = %s\n", +- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, ++ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr, + *plen, SUFFIX_STR, sprintrc(rc)); + } +Index: strace-5.18/tests-m32/secontext.c +=================================================================== +--- 
strace-5.18.orig/tests-m32/secontext.c 2022-07-12 18:17:36.747379459 +0200 ++++ strace-5.18/tests-m32/secontext.c 2022-07-12 18:20:18.496470519 +0200 +@@ -141,6 +141,21 @@ + return full_secontext; + } + ++static char * ++raw_secontext_full_fd(int fd) ++{ ++ int saved_errno = errno; ++ char *full_secontext = NULL; ++ char *secontext; ++ ++ if (fgetfilecon(fd, &secontext) >= 0) { ++ full_secontext = strip_trailing_newlines(xstrdup(secontext)); ++ freecon(secontext); ++ } ++ errno = saved_errno; ++ return full_secontext; ++} ++ + char * + get_secontext_field_file(const char *file, enum secontext_field field) + { +@@ -151,6 +166,16 @@ + return type; + } + ++char * ++get_secontext_field_fd(int fd, enum secontext_field field) ++{ ++ char *ctx = raw_secontext_full_fd(fd); ++ char *type = get_secontext_field(ctx, field); ++ free(ctx); ++ ++ return type; ++} ++ + static char * + raw_secontext_short_file(const char *filename) + { +@@ -158,6 +183,12 @@ + } + + static char * ++raw_secontext_short_fd(int fd) ++{ ++ return get_secontext_field_fd(fd, SECONTEXT_TYPE); ++} ++ ++static char * + raw_secontext_full_pid(pid_t pid) + { + int saved_errno = errno; +@@ -205,6 +236,15 @@ + } + + char * ++secontext_full_fd(int fd) ++{ ++ int saved_errno = errno; ++ char *context = raw_secontext_full_fd(fd); ++ errno = saved_errno; ++ return FORMAT_SPACE_BEFORE(context); ++} ++ ++char * + secontext_full_pid(pid_t pid) + { + return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid)); +@@ -228,6 +268,15 @@ + errno = saved_errno; + return FORMAT_SPACE_BEFORE(context); + } ++ ++char * ++secontext_short_fd(int fd) ++{ ++ int saved_errno = errno; ++ char *context = raw_secontext_short_fd(fd); ++ errno = saved_errno; ++ return FORMAT_SPACE_BEFORE(context); ++} + + char * + secontext_short_pid(pid_t pid) +Index: strace-5.18/tests-m32/secontext.h +=================================================================== +--- strace-5.18.orig/tests-m32/secontext.h 2022-07-12 18:17:36.747379459 +0200 ++++ 
strace-5.18/tests-m32/secontext.h 2022-07-12 18:20:18.496470519 +0200 +@@ -9,9 +9,11 @@ + #include "xmalloc.h" + #include + ++char *secontext_full_fd(int) ATTRIBUTE_MALLOC; + char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC; + char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC; + ++char *secontext_short_fd(int) ATTRIBUTE_MALLOC; + char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC; + char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC; + +@@ -30,6 +32,7 @@ + */ + char *get_secontext_field(const char *full_context, enum secontext_field field); + ++char *get_secontext_field_fd(int fd, enum secontext_field field); + char *get_secontext_field_file(const char *file, enum secontext_field field); + + void reset_secontext_file(const char *file); +@@ -44,6 +47,7 @@ + # else + # define SECONTEXT_FILE(filename) secontext_full_file(filename, false) + # endif ++# define SECONTEXT_FD(fd) secontext_full_fd(fd) + # define SECONTEXT_PID(pid) secontext_full_pid(pid) + + # else +@@ -53,6 +57,7 @@ + # else + # define SECONTEXT_FILE(filename) secontext_short_file(filename, false) + # endif ++# define SECONTEXT_FD(fd) secontext_short_fd(fd) + # define SECONTEXT_PID(pid) secontext_short_pid(pid) + + # endif +@@ -65,6 +70,12 @@ + return NULL; + } + static inline char * ++get_secontext_field_fd(int fd, enum secontext_field field) ++{ ++ return NULL; ++} ++ ++static inline char * + get_secontext_field_file(const char *file, enum secontext_field field) + { + return NULL; +@@ -81,6 +92,7 @@ + { + } + ++# define SECONTEXT_FD(fd) xstrdup("") + # define SECONTEXT_FILE(filename) xstrdup("") + # define SECONTEXT_PID(pid) xstrdup("") + +Index: strace-5.18/tests-m32/sockname.c +=================================================================== +--- strace-5.18.orig/tests-m32/sockname.c 2022-07-12 18:17:36.748379448 +0200 ++++ strace-5.18/tests-m32/sockname.c 2022-07-12 18:20:18.496470519 +0200 +@@ -18,6 +18,8 @@ + #include + #include + ++#include "secontext.h" ++ + #ifndef 
TEST_SYSCALL_NAME + # error TEST_SYSCALL_NAME must be defined + #endif +@@ -59,14 +61,19 @@ + *plen = sizeof(struct sockaddr_un); + struct sockaddr_un *addr = tail_alloc(*plen); + ++ char *my_secontext = SECONTEXT_PID_MY(); ++ char *fd_secontext = SECONTEXT_FD(fd); ++ + PREPARE_TEST_SYSCALL_INVOCATION; + int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr, + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" + ", [%d => %d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, ++ addr->sun_path, SECONTEXT_FILE(addr->sun_path), + (int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc); + + memset(addr, 0, sizeof(*addr)); +@@ -75,28 +82,34 @@ + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" + ", [%d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, ++ addr->sun_path, SECONTEXT_FILE(addr->sun_path), + (int) *plen, SUFFIX_STR, rc); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS); +- printf("%s(%d%s, %p, NULL%s) = %s\n", +- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR, +- sprintrc(rc)); ++ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, ++ addr, SUFFIX_STR, sprintrc(rc)); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS); +- printf("%s(%d%s, NULL, NULL%s) = %s\n", +- TEST_SYSCALL_STR, fd, rc == -1 ? 
PREFIX_F_STR : PREFIX_S_STR, ++ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, ++ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR, + SUFFIX_STR, sprintrc(rc)); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, + plen + 1 SUFFIX_ARGS); +- printf("%s(%d%s, %p, %p%s) = %s\n", +- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, ++ printf("%s%s(%d%s%s, %p, %p%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr, + plen + 1, SUFFIX_STR, sprintrc(rc)); + + const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path); +@@ -108,8 +121,9 @@ + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + (int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc); + + ++addr; +@@ -121,17 +135,19 @@ + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}" ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}" + ", [%d => %d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + (int) (sizeof(struct sockaddr) - offsetof_sun_path), +- addr->sun_path, (int) sizeof(struct sockaddr), +- (int) *plen, SUFFIX_STR, rc); ++ addr->sun_path, SECONTEXT_FILE(addr->sun_path), ++ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, + plen SUFFIX_ARGS); +- printf("%s(%d%s, %p, [%d]%s) = %s\n", +- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, ++ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr, + *plen, 
SUFFIX_STR, sprintrc(rc)); + } +Index: strace-5.18/tests-mx32/secontext.c +=================================================================== +--- strace-5.18.orig/tests-mx32/secontext.c 2022-07-12 18:17:36.747379459 +0200 ++++ strace-5.18/tests-mx32/secontext.c 2022-07-12 18:20:18.496470519 +0200 +@@ -141,6 +141,21 @@ + return full_secontext; + } + ++static char * ++raw_secontext_full_fd(int fd) ++{ ++ int saved_errno = errno; ++ char *full_secontext = NULL; ++ char *secontext; ++ ++ if (fgetfilecon(fd, &secontext) >= 0) { ++ full_secontext = strip_trailing_newlines(xstrdup(secontext)); ++ freecon(secontext); ++ } ++ errno = saved_errno; ++ return full_secontext; ++} ++ + char * + get_secontext_field_file(const char *file, enum secontext_field field) + { +@@ -151,6 +166,16 @@ + return type; + } + ++char * ++get_secontext_field_fd(int fd, enum secontext_field field) ++{ ++ char *ctx = raw_secontext_full_fd(fd); ++ char *type = get_secontext_field(ctx, field); ++ free(ctx); ++ ++ return type; ++} ++ + static char * + raw_secontext_short_file(const char *filename) + { +@@ -158,6 +183,12 @@ + } + + static char * ++raw_secontext_short_fd(int fd) ++{ ++ return get_secontext_field_fd(fd, SECONTEXT_TYPE); ++} ++ ++static char * + raw_secontext_full_pid(pid_t pid) + { + int saved_errno = errno; +@@ -205,6 +236,15 @@ + } + + char * ++secontext_full_fd(int fd) ++{ ++ int saved_errno = errno; ++ char *context = raw_secontext_full_fd(fd); ++ errno = saved_errno; ++ return FORMAT_SPACE_BEFORE(context); ++} ++ ++char * + secontext_full_pid(pid_t pid) + { + return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid)); +@@ -228,6 +268,15 @@ + errno = saved_errno; + return FORMAT_SPACE_BEFORE(context); + } ++ ++char * ++secontext_short_fd(int fd) ++{ ++ int saved_errno = errno; ++ char *context = raw_secontext_short_fd(fd); ++ errno = saved_errno; ++ return FORMAT_SPACE_BEFORE(context); ++} + + char * + secontext_short_pid(pid_t pid) +Index: strace-5.18/tests-mx32/secontext.h 
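Review bot: In the `@@ -121,17 +135,19 @@` sockname hunk, `SECONTEXT_FILE(addr->sun_path)` hands `sun_path` to a helper declared as taking a plain `const char *`, while the same printf prints that field with `%.*s` bounded to `sizeof(struct sockaddr) - offsetof_sun_path`. The precision bound suggests the buffer is not guaranteed to be NUL-terminated here, so the helper may read past the end of the truncated address; the set-up of `addr` is outside the hunk, so this needs confirming against the full function. Making a terminated copy first, e.g. `strndup(addr->sun_path, sizeof(struct sockaddr) - offsetof_sun_path)`, and passing that copy to `SECONTEXT_FILE` would keep the lookup inside the bytes that were actually returned. The same lines appear in the tests-mx32/sockname.c copy further down.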
+=================================================================== +--- strace-5.18.orig/tests-mx32/secontext.h 2022-07-12 18:17:36.747379459 +0200 ++++ strace-5.18/tests-mx32/secontext.h 2022-07-12 18:20:18.496470519 +0200 +@@ -9,9 +9,11 @@ + #include "xmalloc.h" + #include + ++char *secontext_full_fd(int) ATTRIBUTE_MALLOC; + char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC; + char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC; + ++char *secontext_short_fd(int) ATTRIBUTE_MALLOC; + char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC; + char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC; + +@@ -30,6 +32,7 @@ + */ + char *get_secontext_field(const char *full_context, enum secontext_field field); + ++char *get_secontext_field_fd(int fd, enum secontext_field field); + char *get_secontext_field_file(const char *file, enum secontext_field field); + + void reset_secontext_file(const char *file); +@@ -44,6 +47,7 @@ + # else + # define SECONTEXT_FILE(filename) secontext_full_file(filename, false) + # endif ++# define SECONTEXT_FD(fd) secontext_full_fd(fd) + # define SECONTEXT_PID(pid) secontext_full_pid(pid) + + # else +@@ -53,6 +57,7 @@ + # else + # define SECONTEXT_FILE(filename) secontext_short_file(filename, false) + # endif ++# define SECONTEXT_FD(fd) secontext_short_fd(fd) + # define SECONTEXT_PID(pid) secontext_short_pid(pid) + + # endif +@@ -65,6 +70,12 @@ + return NULL; + } + static inline char * ++get_secontext_field_fd(int fd, enum secontext_field field) ++{ ++ return NULL; ++} ++ ++static inline char * + get_secontext_field_file(const char *file, enum secontext_field field) + { + return NULL; +@@ -81,6 +92,7 @@ + { + } + ++# define SECONTEXT_FD(fd) xstrdup("") + # define SECONTEXT_FILE(filename) xstrdup("") + # define SECONTEXT_PID(pid) xstrdup("") + +Index: strace-5.18/tests-mx32/sockname.c +=================================================================== +--- strace-5.18.orig/tests-mx32/sockname.c 2022-07-12 18:17:36.748379448 +0200 
++++ strace-5.18/tests-mx32/sockname.c 2022-07-12 18:20:18.496470519 +0200 +@@ -18,6 +18,8 @@ + #include + #include + ++#include "secontext.h" ++ + #ifndef TEST_SYSCALL_NAME + # error TEST_SYSCALL_NAME must be defined + #endif +@@ -59,14 +61,19 @@ + *plen = sizeof(struct sockaddr_un); + struct sockaddr_un *addr = tail_alloc(*plen); + ++ char *my_secontext = SECONTEXT_PID_MY(); ++ char *fd_secontext = SECONTEXT_FD(fd); ++ + PREPARE_TEST_SYSCALL_INVOCATION; + int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr, + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" + ", [%d => %d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, ++ addr->sun_path, SECONTEXT_FILE(addr->sun_path), + (int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc); + + memset(addr, 0, sizeof(*addr)); +@@ -75,28 +82,34 @@ + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" + ", [%d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, ++ addr->sun_path, SECONTEXT_FILE(addr->sun_path), + (int) *plen, SUFFIX_STR, rc); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS); +- printf("%s(%d%s, %p, NULL%s) = %s\n", +- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR, +- sprintrc(rc)); ++ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, ++ addr, SUFFIX_STR, sprintrc(rc)); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS); +- printf("%s(%d%s, NULL, NULL%s) = %s\n", +- 
TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR, ++ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, ++ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR, + SUFFIX_STR, sprintrc(rc)); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, + plen + 1 SUFFIX_ARGS); +- printf("%s(%d%s, %p, %p%s) = %s\n", +- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, ++ printf("%s%s(%d%s%s, %p, %p%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr, + plen + 1, SUFFIX_STR, sprintrc(rc)); + + const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path); +@@ -108,8 +121,9 @@ + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + (int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc); + + ++addr; +@@ -121,17 +135,19 @@ + plen SUFFIX_ARGS); + if (rc < 0) + perror_msg_and_skip(TEST_SYSCALL_STR); +- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}" ++ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}" + ", [%d => %d]%s) = %d\n", +- TEST_SYSCALL_STR, fd, PREFIX_S_STR, ++ my_secontext, ++ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + (int) (sizeof(struct sockaddr) - offsetof_sun_path), +- addr->sun_path, (int) sizeof(struct sockaddr), +- (int) *plen, SUFFIX_STR, rc); ++ addr->sun_path, SECONTEXT_FILE(addr->sun_path), ++ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc); + + PREPARE_TEST_SYSCALL_INVOCATION; + rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, + plen SUFFIX_ARGS); +- printf("%s(%d%s, %p, [%d]%s) = %s\n", +- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, ++ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n", ++ my_secontext, ++ TEST_SYSCALL_STR, fd, 
fd_secontext, PREFIX_F_STR, addr, + *plen, SUFFIX_STR, sprintrc(rc)); + } diff --git a/0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch b/0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch new file mode 100644 index 0000000..c4c57da --- /dev/null +++ b/0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch 
@@ -0,0 +1,374 @@
+From 676979fa9cc7920e5e4d547814f9c0edb597fa0d Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov
+Date: Thu, 30 Jun 2022 16:01:05 +0200
+Subject: [PATCH] pathtrace, util: do not print " (deleted)" as part of the
+ path
+
+In order to allow to discern the unlinked paths from the paths that
+do indeed end with " (deleted)".
+
+* src/defs.h (getfdpath_pid): Add deleted parameter.
+(getfdpath): Pass NULL as deleted parameter to getfdpath_pid.
+* src/largefile_wrappers.h (lstat_file): New macro.
+* src/pathtrace.c: Include , , ,
+and "largefile_wrappers.h".
+(getfdpath_pid): Add deleted parameter, check if path ends with
+" (deleted)", and if it is, try to figure out if it is a part
+of the path by comparing device/inode numbers of the file procfs
+link resolves into and the file pointed by the path read; strip
+" (deleted)"; set deleted (if it is non-NULL) to true if the fd
+is turned out to be deleted and to false otherwise.
+* src/util.c (print_quoted_string_in_angle_brackets): Add deleted
+parameter, print "(deleted)" after the closing angle bracket if it is
+non-NULL.
+(printfd_pid): Add deleted local variable, pass it to getfdpath_pid
+and print_quoted_string_in_angle_brackets calls.
+* tests/fchmod.c: Add checks for a file with " (deleted)" in the path,
+update expected output.
+* NEWS: Mention the change.
+--- + NEWS | 5 +++++ + src/defs.h | 5 +++-- + src/largefile_wrappers.h | 2 ++ + src/pathtrace.c | 48 +++++++++++++++++++++++++++++++++++++++++++++--- + src/util.c | 10 +++++++--- + tests/fchmod.c | 47 +++++++++++++++++++++++++++++++++++++++++++---- + 6 files changed, 105 insertions(+), 12 deletions(-) + +Index: strace-5.18/NEWS +=================================================================== +--- strace-5.18.orig/NEWS 2022-07-13 12:52:48.219784860 +0200 ++++ strace-5.18/NEWS 2022-07-13 12:52:48.451782122 +0200 +@@ -1,6 +1,11 @@ + Noteworthy changes in release 5.18 (2022-06-18) + =============================================== + ++* Changes in behaviour ++ * The "(deleted)" marker for unlinked paths of file descriptors is now printed ++ outside angle brackets; the matching of unlinked paths of file descriptors ++ no longer includes the " (deleted)" part into consideration. ++ + * Improvements + * Added an interface of raising des Strausses awareness. + * Added --tips option to print strace tips, tricks, and tweaks +Index: strace-5.18/src/defs.h +=================================================================== +--- strace-5.18.orig/src/defs.h 2022-07-13 12:52:29.405006910 +0200 ++++ strace-5.18/src/defs.h 2022-07-13 12:52:54.532710356 +0200 +@@ -785,12 +785,13 @@ + return pathtrace_match_set(tcp, &global_path_set); + } + +-extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize); ++extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, ++ bool *deleted); + + static inline int + getfdpath(struct tcb *tcp, int fd, char *buf, unsigned bufsize) + { +- return getfdpath_pid(tcp->pid, fd, buf, bufsize); ++ return getfdpath_pid(tcp->pid, fd, buf, bufsize, NULL); + } + + extern unsigned long getfdinode(struct tcb *, int); +Index: strace-5.18/src/largefile_wrappers.h +=================================================================== +--- strace-5.18.orig/src/largefile_wrappers.h 2022-07-13 12:52:29.405006910 +0200 ++++ 
strace-5.18/src/largefile_wrappers.h 2022-07-13 12:52:48.451782122 +0200 +@@ -31,6 +31,7 @@ + # endif + # define fstat_fd fstat64 + # define strace_stat_t struct stat64 ++# define lstat_file lstat64 + # define stat_file stat64 + # define struct_dirent struct dirent64 + # define read_dir readdir64 +@@ -42,6 +43,7 @@ + # define fcntl_fd fcntl + # define fstat_fd fstat + # define strace_stat_t struct stat ++# define lstat_file lstat + # define stat_file stat + # define struct_dirent struct dirent + # define read_dir readdir +Index: strace-5.18/src/pathtrace.c +=================================================================== +--- strace-5.18.orig/src/pathtrace.c 2022-07-13 12:52:29.405006910 +0200 ++++ strace-5.18/src/pathtrace.c 2022-07-13 12:52:54.532710356 +0200 +@@ -10,7 +10,11 @@ + #include "defs.h" + #include + #include ++#include ++#include ++#include + ++#include "largefile_wrappers.h" + #include "number_set.h" + #include "sen.h" + #include "xstring.h" +@@ -77,7 +81,7 @@ + * Get path associated with fd of a process with pid. + */ + int +-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize) ++getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted) + { + char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3]; + ssize_t n; +@@ -91,12 +95,50 @@ + + xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd); + n = readlink(linkpath, buf, bufsize - 1); ++ if (n < 0) ++ goto end; ++ + /* + * NB: if buf is too small, readlink doesn't fail, + * it returns truncated result (IOW: n == bufsize - 1). + */ +- if (n >= 0) +- buf[n] = '\0'; ++ buf[n] = '\0'; ++ if (deleted) ++ *deleted = false; ++ ++ /* ++ * Try to figure out if the kernel has appended " (deleted)" ++ * to the end of a potentially unlinked path and set deleted ++ * if it is the case. 
++ */ ++ static const char del_sfx[] = " (deleted)"; ++ if ((size_t) n <= sizeof(del_sfx)) ++ goto end; ++ ++ char *del = buf + n + 1 - sizeof(del_sfx); ++ ++ if (memcmp(del, del_sfx, sizeof(del_sfx))) ++ goto end; ++ ++ strace_stat_t st_link; ++ strace_stat_t st_path; ++ int rc = stat_file(linkpath, &st_link); ++ ++ if (rc) ++ goto end; ++ ++ rc = lstat_file(buf, &st_path); ++ ++ if (rc || ++ (st_link.st_ino != st_path.st_ino) || ++ (st_link.st_dev != st_path.st_dev)) { ++ *del = '\0'; ++ n = del - buf + 1; ++ if (deleted) ++ *deleted = true; ++ } ++ ++end: + return n; + } + +Index: strace-5.18/src/util.c +=================================================================== +--- strace-5.18.orig/src/util.c 2022-07-13 12:52:47.989787575 +0200 ++++ strace-5.18/src/util.c 2022-07-13 12:52:48.452782111 +0200 +@@ -735,12 +735,15 @@ + } + + static void +-print_quoted_string_in_angle_brackets(const char *str) ++print_quoted_string_in_angle_brackets(const char *str, const bool deleted) + { + tprints("<"); + print_quoted_string_ex(str, strlen(str), + QUOTE_OMIT_LEADING_TRAILING_QUOTES, "<>"); + tprints(">"); ++ ++ if (deleted) ++ tprints("(deleted)"); + } + + void +@@ -749,8 +752,9 @@ + PRINT_VAL_D(fd); + + char path[PATH_MAX + 1]; ++ bool deleted; + if (pid > 0 && !number_set_array_is_empty(decode_fd_set, 0) +- && getfdpath_pid(pid, fd, path, sizeof(path)) >= 0) { ++ && getfdpath_pid(pid, fd, path, sizeof(path), &deleted) >= 0) { + if (is_number_in_set(DECODE_FD_SOCKET, decode_fd_set) && + printsocket(tcp, fd, path)) + goto printed; +@@ -761,7 +765,7 @@ + printpidfd(pid, fd, path)) + goto printed; + if (is_number_in_set(DECODE_FD_PATH, decode_fd_set)) +- print_quoted_string_in_angle_brackets(path); ++ print_quoted_string_in_angle_brackets(path, deleted); + printed: ; + } + +Index: strace-5.18/tests/fchmod.c +=================================================================== +--- strace-5.18.orig/tests/fchmod.c 2022-07-13 12:52:29.405006910 +0200 ++++ 
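Review bot: In getfdpath_pid, the stripped branch sets `n = del - buf + 1`, which counts the terminating NUL, while every other successful return is readlink's count without it; `n = del - buf;` would make the return value mean one thing. The callers visible in this patch only test the sign, so nothing breaks today, but the `@return` text added for get_proc_pid_fd_path in the 0181 defs.h hunk documents the NUL-inclusive count and so matches only this branch. Separately, `lstat_file(buf, &st_path)` resolves the tracee's path in strace's own filesystem view, and any lstat failure, not only a missing file, is treated as "deleted". A comment along the lines of `/* best-effort: buf is resolved in the tracer's namespace, so the result may be wrong for a tracee in another mount namespace or chroot */` would tell readers how far to trust the marker. The function begins in the preceding hunk.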
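Review bot: In the util.c `@@ -749,8 +752,9 @@` hunk, `bool deleted;` is declared without an initialiser and later passed to print_quoted_string_in_angle_brackets. It is safe only because getfdpath_pid stores to `*deleted` on every path that returns a non-negative value. Declaring it as `bool deleted = false;` removes that dependence on the callee's contract at no cost. printfd_pid starts and ends outside these hunks.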
strace-5.18/tests/fchmod.c 2022-07-13 12:52:48.452782111 +0200 +@@ -35,10 +35,17 @@ + (void) unlink(sample); + int fd = open(sample, O_CREAT|O_RDONLY, 0400); + if (fd == -1) +- perror_msg_and_fail("open"); ++ perror_msg_and_fail("open(\"%s\")", sample); ++ ++ static const char sample_del[] = "fchmod_sample_file (deleted)"; ++ (void) unlink(sample_del); ++ int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400); ++ if (fd_del == -1) ++ perror_msg_and_fail("open(\"%s\")", sample); + + # ifdef YFLAG + char *sample_realpath = get_fd_path(fd); ++ char *sample_del_realpath = get_fd_path(fd_del); + # endif + + const char *sample_secontext = SECONTEXT_FILE(sample); +@@ -56,12 +63,27 @@ + sample_secontext, + sprintrc(rc)); + ++ const char *sample_del_secontext = SECONTEXT_FILE(sample_del); ++ rc = syscall(__NR_fchmod, fd_del, 0600); ++# ifdef YFLAG ++ printf("%s%s(%d<%s>%s, 0600) = %s\n", ++# else ++ printf("%s%s(%d%s, 0600) = %s\n", ++# endif ++ my_secontext, "fchmod", ++ fd_del, ++# ifdef YFLAG ++ sample_del_realpath, ++# endif ++ sample_del_secontext, ++ sprintrc(rc)); ++ + if (unlink(sample)) +- perror_msg_and_fail("unlink"); ++ perror_msg_and_fail("unlink(\"%s\")", sample); + + rc = syscall(__NR_fchmod, fd, 051); + # ifdef YFLAG +- printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n", ++ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n", + # else + printf("%s%s(%d%s, 051) = %s\n", + # endif +@@ -73,9 +95,26 @@ + sample_secontext, + sprintrc(rc)); + ++ if (unlink(sample_del)) ++ perror_msg_and_fail("unlink(\"%s\")", sample_del); ++ ++ rc = syscall(__NR_fchmod, fd_del, 051); ++# ifdef YFLAG ++ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n", ++# else ++ printf("%s%s(%d%s, 051) = %s\n", ++# endif ++ my_secontext, "fchmod", ++ fd_del, ++# ifdef YFLAG ++ sample_del_realpath, ++# endif ++ sample_del_secontext, ++ sprintrc(rc)); ++ + rc = syscall(__NR_fchmod, fd, 004); + # ifdef YFLAG +- printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n", ++ printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n", + # else + 
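Review bot: The failure message for the second open() names the wrong file: `perror_msg_and_fail("open(\"%s\")", sample);` sits under `open(sample_del, ...)`, so a failure would be reported against the first sample file instead of the one whose name ends in " (deleted)". It should read `perror_msg_and_fail("open(\"%s\")", sample_del);`. The tests-m32/fchmod.c copy of this `@@ -35,10 +35,17 @@` hunk carries the same line.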
printf("%s%s(%d%s, 004) = %s\n", + # endif +Index: strace-5.18/tests-m32/fchmod.c +=================================================================== +--- strace-5.18.orig/tests-m32/fchmod.c 2022-07-13 12:52:29.405006910 +0200 ++++ strace-5.18/tests-m32/fchmod.c 2022-07-13 12:52:48.452782111 +0200 +@@ -35,10 +35,17 @@ + (void) unlink(sample); + int fd = open(sample, O_CREAT|O_RDONLY, 0400); + if (fd == -1) +- perror_msg_and_fail("open"); ++ perror_msg_and_fail("open(\"%s\")", sample); ++ ++ static const char sample_del[] = "fchmod_sample_file (deleted)"; ++ (void) unlink(sample_del); ++ int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400); ++ if (fd_del == -1) ++ perror_msg_and_fail("open(\"%s\")", sample); + + # ifdef YFLAG + char *sample_realpath = get_fd_path(fd); ++ char *sample_del_realpath = get_fd_path(fd_del); + # endif + + const char *sample_secontext = SECONTEXT_FILE(sample); +@@ -56,12 +63,27 @@ + sample_secontext, + sprintrc(rc)); + ++ const char *sample_del_secontext = SECONTEXT_FILE(sample_del); ++ rc = syscall(__NR_fchmod, fd_del, 0600); ++# ifdef YFLAG ++ printf("%s%s(%d<%s>%s, 0600) = %s\n", ++# else ++ printf("%s%s(%d%s, 0600) = %s\n", ++# endif ++ my_secontext, "fchmod", ++ fd_del, ++# ifdef YFLAG ++ sample_del_realpath, ++# endif ++ sample_del_secontext, ++ sprintrc(rc)); ++ + if (unlink(sample)) +- perror_msg_and_fail("unlink"); ++ perror_msg_and_fail("unlink(\"%s\")", sample); + + rc = syscall(__NR_fchmod, fd, 051); + # ifdef YFLAG +- printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n", ++ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n", + # else + printf("%s%s(%d%s, 051) = %s\n", + # endif +@@ -73,9 +95,26 @@ + sample_secontext, + sprintrc(rc)); + ++ if (unlink(sample_del)) ++ perror_msg_and_fail("unlink(\"%s\")", sample_del); ++ ++ rc = syscall(__NR_fchmod, fd_del, 051); ++# ifdef YFLAG ++ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n", ++# else ++ printf("%s%s(%d%s, 051) = %s\n", ++# endif ++ my_secontext, "fchmod", ++ fd_del, ++# ifdef YFLAG ++ 
sample_del_realpath, ++# endif ++ sample_del_secontext, ++ sprintrc(rc)); ++ + rc = syscall(__NR_fchmod, fd, 004); + # ifdef YFLAG +- printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n", ++ printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n", + # else + printf("%s%s(%d%s, 004) = %s\n", + # endif diff --git a/0181-secontext-fix-expected-SELinux-context-check-for-unl.patch b/0181-secontext-fix-expected-SELinux-context-check-for-unl.patch new file mode 100644 index 0000000..f0f74d8 --- /dev/null +++ b/0181-secontext-fix-expected-SELinux-context-check-for-unl.patch 
@@ -0,0 +1,209 @@ +From 3f0e5340b651da98251a58cc7923525d69f96032 Mon Sep 17 00:00:00 2001 +From: Eugene Syromyatnikov +Date: Fri, 1 Jul 2022 10:45:48 +0200 +Subject: [PATCH] secontext: fix expected SELinux context check for unlinked + FDs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +selinux_getfdcon open-coded a part of getfdpath_pid since it tries +to do the same job, figure out a path associated with an FD, for slightly +different purpose: to get the expected SELinux context for it. As the previous +commit shows, it's a bit more complicated in cases when the path ends +with the " (deleted)" string, which is also used for designated unlinked paths +in procfs. Otherwise, it may manifest in test failures such as this: + + [unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4 [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 0600) = 0 + -[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4 [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 051) = 0 + -[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4 [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 004) = 0 + +[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4 [unconfined_u:object_r:admin_home_t:s0], 051) = 0 + +[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4 [unconfined_u:object_r:admin_home_t:s0], 004) = 0 + +++ exited with 0 +++ + + fail_ '../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch' + + warn_ 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch' + + printf '%s\n' 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch 
output mismatch' + fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch + + exit 1 + FAIL fchmod-y--secontext_full_mismatch.gen.test (exit status: 1) + +that happens due to the fact that the get_expected_filecontext() call +is made against the path with the " (deleted)" part, which is wrong (it +is more wrong than shown above when a file with the path that ends with +" (deleted)" exists). Moreover, it would be incorrect to call stat() +on that path. + +Let's factor out the common part of the code and simply call it +from selinux_getfdcon, then use the st_mode from the procfs link. + +* src/defs.h (get_proc_pid_fd_path): New declaration. +* src/pathtrace.c (get)proc_pid_fd_path): New function, part +of getfdpath_pid that performs link resolution and processing +of the result. +(getfdpath_pid): Call get_proc_pid_fd_path after PID resolution. +* src/secontext.c (get_expected_filecontext): Add mode parameter, use +it in selabel_lookup call instead of retrieveing file mode using stat() +if it is not -1. +(selinux_getfdcon): Call get_proc_pid_fd_path instead +of open-coding path resolution code, call stat() on the procfs link +and pass the retrieved st_mode to the get_expected_filecontext call. +(selinux_getfilecon): Pass -1 as mode in the get_expected_filecontext +call. 
+ +Reported-by: Václav Kadlčík +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2087693 +--- + src/defs.h | 15 +++++++++++++++ + src/pathtrace.c | 26 ++++++++++++++++++-------- + src/secontext.c | 35 +++++++++++++++++++++-------------- + 3 files changed, 54 insertions(+), 22 deletions(-) + +Index: strace-5.18/src/defs.h +=================================================================== +--- strace-5.18.orig/src/defs.h 2022-07-12 18:22:01.563254140 +0200 ++++ strace-5.18/src/defs.h 2022-07-12 18:22:06.202199392 +0200 +@@ -785,6 +785,21 @@ + return pathtrace_match_set(tcp, &global_path_set); + } + ++/** ++ * Resolves a path for a fd procfs PID proc_pid (the one got from ++ * get_proc_pid()). ++ * ++ * @param proc_pid PID number in /proc, obtained with get_proc_pid(). ++ * @param fd FD to resolve path for. ++ * @param buf Buffer to store the resolved path in. ++ * @param bufsize The size of buf. ++ * @param deleted If non-NULL, set to true if the path associated with the FD ++ * seems to have been unlinked and to false otherwise. ++ * @return Number of bytes written including terminating '\0'. ++ */ ++extern int get_proc_pid_fd_path(int proc_pid, int fd, char *buf, ++ unsigned bufsize, bool *deleted); ++ + extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, + bool *deleted); + +Index: strace-5.18/src/pathtrace.c +=================================================================== +--- strace-5.18.orig/src/pathtrace.c 2022-07-12 18:22:01.532254506 +0200 ++++ strace-5.18/src/pathtrace.c 2022-07-12 18:22:06.202199392 +0200 +@@ -77,11 +77,9 @@ + set->paths_selected[set->num_selected++] = path; + } + +-/* +- * Get path associated with fd of a process with pid. 
+- */ + int +-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted) ++get_proc_pid_fd_path(int proc_pid, int fd, char *buf, unsigned bufsize, ++ bool *deleted) + { + char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3]; + ssize_t n; +@@ -89,10 +87,6 @@ + if (fd < 0) + return -1; + +- int proc_pid = get_proc_pid(pid); +- if (!proc_pid) +- return -1; +- + xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd); + n = readlink(linkpath, buf, bufsize - 1); + if (n < 0) +@@ -143,6 +137,22 @@ + } + + /* ++ * Get path associated with fd of a process with pid. ++ */ ++int ++getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted) ++{ ++ if (fd < 0) ++ return -1; ++ ++ int proc_pid = get_proc_pid(pid); ++ if (!proc_pid) ++ return -1; ++ ++ return get_proc_pid_fd_path(proc_pid, fd, buf, bufsize, deleted); ++} ++ ++/* + * Add a path to the set we're tracing. Also add the canonicalized + * version of the path. Specifying NULL will delete all paths. + */ +Index: strace-5.18/src/secontext.c +=================================================================== +--- strace-5.18.orig/src/secontext.c 2022-07-12 18:22:01.564254128 +0200 ++++ strace-5.18/src/secontext.c 2022-07-12 18:22:06.203199380 +0200 +@@ -62,7 +62,7 @@ + } + + static int +-get_expected_filecontext(const char *path, char **secontext) ++get_expected_filecontext(const char *path, char **secontext, int mode) + { + static struct selabel_handle *hdl; + +@@ -80,12 +80,7 @@ + } + } + +- strace_stat_t stb; +- if (stat_file(path, &stb) < 0) { +- return -1; +- } +- +- return selabel_lookup(hdl, secontext, path, stb.st_mode); ++ return selabel_lookup(hdl, secontext, path, mode); + } + + /* +@@ -130,16 +125,22 @@ + + /* + * We need to resolve the path, because selabel_lookup() doesn't +- * resolve anything. Using readlink() is sufficient here. ++ * resolve anything. 
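Review bot: get_expected_filecontext() now takes `mode` and passes it straight to selabel_lookup(), but nothing in the `@@ -62,7 +62,7 @@` and `@@ -80,12 +80,7 @@` secontext.c hunks says what a caller must supply. The patch description speaks of a `-1` value that falls back to stat(), which the new body does not implement, so a caller following the description would hand -1 to selabel_lookup(). A short comment above the function, e.g. `/* mode: st_mode of the object; the caller must stat() it, no fallback is done here */`, would pin the contract. Only part of the function body is visible in these hunks.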
+ */ ++ char buf[PATH_MAX + 1]; ++ ssize_t n = get_proc_pid_fd_path(proc_pid, fd, buf, sizeof(buf), NULL); ++ if ((size_t) n >= (sizeof(buf) - 1)) ++ return 0; + +- char buf[PATH_MAX]; +- ssize_t n = readlink(linkpath, buf, sizeof(buf)); +- if ((size_t) n >= sizeof(buf)) ++ /* ++ * We retrieve stat() here since the path the procfs link resolves into ++ * may be reused by a different file with different context. ++ */ ++ strace_stat_t st; ++ if (stat_file(linkpath, &st)) + return 0; +- buf[n] = '\0'; + +- get_expected_filecontext(buf, expected); ++ get_expected_filecontext(buf, expected, st.st_mode); + + return 0; + } +@@ -190,7 +191,13 @@ + if (!resolved) + return 0; + +- get_expected_filecontext(resolved, expected); ++ strace_stat_t st; ++ if (stat_file(resolved, &st) < 0) ++ goto out; ++ ++ get_expected_filecontext(resolved, expected, st.st_mode); ++ ++out: + free(resolved); + + return 0; diff --git a/0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch b/0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch new file mode 100644 index 0000000..c10e7a2 --- /dev/null +++ b/0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch 
@@ -0,0 +1,70 @@ +From 5338636cd9ae7f53ed73f1a7909db03189ea2ff3 Mon Sep 17 00:00:00 2001 +From: Eugene Syromyatnikov +Date: Mon, 4 Jul 2022 12:29:22 +0200 +Subject: [PATCH] tests/bpf: fix sloppy low FD number usage +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +FD 42 can already be opened, so close it. Otherwise, it may lead +to the following test failure: + + -bpf(BPF_LINK_CREATE, {link_create={prog_fd=0, target_fd=0, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED) + +bpf(BPF_LINK_CREATE, {link_create={prog_fd=0, target_fd=0, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED) + bpf(BPF_LINK_CREATE, 0x3ff95574fe5, 28) = 841540765612359407 (INJECTED) + -bpf(BPF_LINK_CREATE, {link_create={prog_fd=0, target_fd=0, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED) + +bpf(BPF_LINK_CREATE, {link_create={prog_fd=0, target_fd=0, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED) + [...] + FAIL bpf-success-long-y.test (exit status: 1) + +* tests/bpf.c (init_BPF_LINK_CREATE_attr7): Close iter_info_data[1] fd. 
+ +Fixes: v5.18~18 "bpf: improve bpf(BPF_LINK_CREATE) decoding" +Reported-by: Lenka Špačková +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103137 +--- + tests/bpf.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/bpf.c b/tests/bpf.c +index 82d870e..6c1ffd4 100644 +--- a/tests/bpf.c ++++ b/tests/bpf.c +@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx) + { + struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data; + ++ close(iter_info_data[1]); ++ + if (!iter_info_data_p) { + iter_info_data_p = tail_memdup(iter_info_data, + sizeof(iter_info_data)); +diff --git a/tests-m32/bpf.c b/tests-m32/bpf.c +index 82d870e..6c1ffd4 100644 +--- a/tests-m32/bpf.c ++++ b/tests-m32/bpf.c +@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx) + { + struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data; + ++ close(iter_info_data[1]); ++ + if (!iter_info_data_p) { + iter_info_data_p = tail_memdup(iter_info_data, + sizeof(iter_info_data)); +diff --git a/tests-mx32/bpf.c b/tests-mx32/bpf.c +index 82d870e..6c1ffd4 100644 +--- a/tests-mx32/bpf.c ++++ b/tests-mx32/bpf.c +@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx) + { + struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data; + ++ close(iter_info_data[1]); ++ + if (!iter_info_data_p) { + iter_info_data_p = tail_memdup(iter_info_data, + sizeof(iter_info_data)); +-- +2.1.4 + diff --git a/strace.spec b/strace.spec index 5ddb40f..425a325 100644 --- a/strace.spec +++ b/strace.spec 
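Review bot: `close(iter_info_data[1]);` carries no comment explaining why the test closes a descriptor it did not open, and it sits before the `if (!iter_info_data_p)` guard, so it appears to run on every call instead of once. Going by the patch description, the intent is to guarantee that this hard-coded FD number is not open, so that the `-y` decoding prints no path for it. A comment such as `/* make sure this FD number is not inherited open, otherwise the -y output differs */` would record that for the next reader. The function continues past the hunk, and the tests-m32 and tests-mx32 hunks are identical.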
@@ -1,9 +1,9 @@ Summary: Tracks and displays system calls associated with a running process Name: strace Version: 5.18 -Release: 1%{?dist} +Release: 2%{?dist} # The test suite is GPLv2+, all the rest is LGPLv2.1+. -License: LGPL-2.1+ and GPL-2.0+ +License: LGPL-2.1-or-later and GPL-2.0-or-later # Some distros require Group tag to be present, # some require Group tag to be absent, # some do not care about Group tag at all, 
@@ -68,6 +68,28 @@ BuildRequires: pkgconfig(bluez) #Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch #Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch +## https://bugzilla.redhat.com/2103068 covscan fixes +# v5.18-5-g2bf0696 "src/xlat: remove remnants of unnecessary idx usage in xlookup" +Patch175: 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch +# v5.18-7-ge604d7b "strauss: tips whitespace and phrasing cleanups" +Patch176: 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch +# v5.18-8-g968789d "strauss: fix off-by-one error in strauss array access" +Patch177: 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch +# v5.18-9-g6d3e97e "util: add offs sanity check to print_clock_t" +Patch178: 0178-util-add-offs-sanity-check-to-print_clock_t.patch + +## https://bugzilla.redhat.com/2087693 +# v5.18-13-g960e78f "secontext: print context of Unix socket's sun_path field" +Patch179: 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch +# v5.18-18-g676979f "pathtrace, util: do not print " (deleted)" as part of the path" +Patch180: 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch +# v5.18-19-g3f0e534 "secontext: fix expected SELinux context check for unlinked FDs" +Patch181: 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch + +## https://bugzilla.redhat.com/2103137 +# v5.18-21-g5338636 "tests/bpf: fix sloppy low FD number usage" +Patch182: 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch + # Fallback definitions for make_build/make_install macros %{?!__make: %global __make %_bindir/make} %{?!__install: %global __install %_bindir/install} 
@@ -104,6 +126,17 @@ received by a process. #%patch173 -p1 #%patch174 -p1 +%patch175 -p1 +%patch176 -p1 +%patch177 -p1 +%patch178 -p1 +%patch179 -p1 +%patch180 -p1 +%patch181 -p1 +%patch182 -p1 + +chmod a+x tests/*.test + echo -n %version-%release > .tarball-version echo -n 2022 > .year echo -n 2022-06-22 > doc/.strace.1.in.date @@ -161,6 +194,12 @@ echo 'END OF TEST SUITE INFORMATION' %{_mandir}/man1/* %changelog +* Mon Jul 11 2022 Eugene Syromiatnikov - 5.18-2 +- Fix the issues reported by covscan (#2103068). +- Fix SELinux context matching for the deleted paths (#2087693). +- Fix sloppy FD usage in the bpf test (#2103137). +- Cater for RHEL 9 license requirement idiosyncrasies (#2103032). + * Wed Jun 22 2022 Eugene Syromiatnikov - 5.18-1 - Rebase to v5.18; drop upstream patches on top of 5.13 (#2084002).