Fix post-rebase issues

- Add 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch
   (v5.18-5-g2bf0696 "src/xlat: remove remnants of unnecessary idx usage in xlookup")
 - Add 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch
   (v5.18-7-ge604d7b "strauss: tips whitespace and phrasing cleanups")
 - Add 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch
   (v5.18-8-g968789d "strauss: fix off-by-one error in strauss array access")
 - Add 0178-util-add-offs-sanity-check-to-print_clock_t.patch
   (v5.18-9-g6d3e97e "util: add offs sanity check to print_clock_t")
 - Add 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch
   (v5.18-13-g960e78f "secontext: print context of Unix socket's sun_path field")
 - Add 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch
   (v5.18-18-g676979f "pathtrace, util: do not print " (deleted)" as part of the path")
 - Add 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch
   )v5.18-19-g3f0e534 "secontext: fix expected SELinux context check for unlinked FDs")
 - Add 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch
   (v5.18-21-g5338636 "tests/bpf: fix sloppy low FD number usage")

* 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch: New
patch.
* 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch: Likewise.
* 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch:
Likewise.
* 0178-util-add-offs-sanity-check-to-print_clock_t.patch: Likewise.
* 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch:
Likewise.
* 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch:
Likewise.
* 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch:
Likewise.
* 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch: Likewise.
* strace.spec (Release): Bump to 2.
(Patch175, Patch176, Patch177, Patch178, Patch179, Patch180, Patch181,
Patch182): Add.
(%prep): Apply them.
(%changelog): New record about 5.18-2.

Resolves: #2087693
Resolves: #2103068
Resolves: #2103032
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
This commit is contained in:
Eugene Syromiatnikov 2022-07-13 13:07:07 +02:00
parent a9e8e0e54a
commit c32cef440f
9 changed files with 1800 additions and 2 deletions

View File

@ -0,0 +1,58 @@
From 2bf069698a384ff2bc62d2a10544d49d766b4d7f Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Mon, 27 Jun 2022 18:00:17 +0200
Subject: [PATCH] src/xlat: remove remnants of unnecessary idx usage in xlookup
As there is no idx saving between calls anymore, there's no need to use
(and update) idx in the XT_SORTED case. Reported by clang as a dead store:
Error: CLANG_WARNING:
strace-5.18/src/xlat.c:84:4: warning[deadcode.DeadStores]: Value stored to 'idx' is never read
* src/xlat.c (xlookup): Remove idx declaration; declare idx inside
of the for loop in the XT_NORMAL case; do not offset x->data and x->size
by offs in the XT_SORTED case and do not update idx upon successful
lookup.
Complements: v5.15~164 "xlat: no longer interpret NULL xlat as continuation"
---
src/xlat.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
Index: strace-5.18/src/xlat.c
===================================================================
--- strace-5.18.orig/src/xlat.c 2022-07-12 17:11:52.660927011 +0200
+++ strace-5.18/src/xlat.c 2022-07-12 17:16:18.116794139 +0200
@@ -61,7 +61,6 @@
const char *
xlookup(const struct xlat *x, const uint64_t val)
{
- size_t idx = 0;
const struct xlat_data *e;
if (!x || !x->data)
@@ -69,21 +68,18 @@
switch (x->type) {
case XT_NORMAL:
- for (; idx < x->size; idx++)
+ for (size_t idx = 0; idx < x->size; idx++)
if (x->data[idx].val == val)
return x->data[idx].str;
break;
case XT_SORTED:
e = bsearch((const void *) &val,
- x->data + idx,
- x->size - idx,
+ x->data, x->size,
sizeof(x->data[0]),
xlat_bsearch_compare);
- if (e) {
- idx = e - x->data;
+ if (e)
return e->str;
- }
break;
case XT_INDEXED:

View File

@ -0,0 +1,56 @@
From e604d7bfd18cf5f29e6723091cc1db2945c918c9 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 28 Jun 2022 16:46:53 +0200
Subject: [PATCH] strauss: tips whitespace and phrasing cleanups
* src/strauss.c (tips_tricks_tweaks): Fix some whitespace and phrasing
issues.
---
src/strauss.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
Index: strace-5.18/src/strauss.c
===================================================================
--- strace-5.18.orig/src/strauss.c 2022-07-12 17:17:08.712197019 +0200
+++ strace-5.18/src/strauss.c 2022-07-12 17:17:20.685055717 +0200
@@ -128,8 +128,8 @@
{ "strace is about as old as the Linux kernel.",
"It has been originally written for SunOS",
"by Paul Kranenburg in 1991. The support",
- "for all OSes except Linux has been dropped",
- "since 2012, though, in strace 4.7." },
+ "for all OSes except Linux was dropped"
+ "in 2012, though, in strace 4.7." },
{ "strace is able to decode netlink messages.",
"It does so automatically for I/O performed",
"on netlink sockets. Try it yourself:", "",
@@ -187,7 +187,7 @@
"want to try --seccomp-bpf option, maybe you",
"will feel better." },
{ "-v is a shorthand for -e abbrev=none and not",
- " for -e verbose=all. It is idiosyncratic,",
+ "for -e verbose=all. It is idiosyncratic,",
"but it is the historic behaviour." },
{ "strace uses netlink for printing",
"protocol-specific information about socket",
@@ -254,7 +254,7 @@
"by invoking it with the following options:", "",
" strace -DDDqqq -enone --signal=none" },
{ "Historically, supplying -o option to strace",
- "led to silencing of messages about tracee",
+ "leads to silencing of messages about tracee",
"attach/detach and personality changes.",
"It can be now overridden with --quiet=none",
"option." },
@@ -285,8 +285,9 @@
"will trace all syscalls related to accessing",
"and modifying process's user/group IDs",
"and capability sets. Other pre-defined",
- "syscall classes include %clock, %desc,%file,",
- "%ipc,%memory, %net,%process, and %signal." },
+ "syscall classes include %clock, %desc,"
+ "%file, %ipc, %memory, %net, %process,"
+ "and %signal." },
{ "Trying to figure out communication between",
"tracees inside a different PID namespace",
"(in so-called \"containers\", for example)?",

View File

@ -0,0 +1,48 @@
From 968789d5426442ac43b96eabd65f3e5c0c141e62 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 28 Jun 2022 16:47:56 +0200
Subject: [PATCH] strauss: fix off-by-one error in strauss array access
It has to be limited with strauss_lines - 1, not strauss_lines.
Reported by covscan:
Error: OVERRUN (CWE-119):
strace-5.18/src/strauss.c:380: cond_at_least: Checking "4UL + i < 37UL"
implies that "i" is at least 33 on the false branch.
strace-5.18/src/strauss.c:380: overrun-local: Overrunning array "strauss"
of 37 8-byte elements at element index 37 (byte offset 303) using index
"(4UL + i < 37UL) ? 4UL + i : 37UL" (which evaluates to 37).
* src/strauss.c (print_totd): Limit strauss array accesses to
strauss_lines - 1 instead of strauss_lines.
---
src/strauss.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/strauss.c b/src/strauss.c
index 98af183..b22ab6a 100644
--- a/src/strauss.c
+++ b/src/strauss.c
@@ -373,16 +373,16 @@ print_totd(void)
tip_left[MIN(i + 1, ARRAY_SIZE(tip_left) - 1)],
w, w, tips_tricks_tweaks[id][i] ?: "",
tip_right[MIN(i + 1, ARRAY_SIZE(tip_right) - 1)],
- strauss[MIN(3 + i, strauss_lines)]);
+ strauss[MIN(3 + i, strauss_lines - 1)]);
}
fprintf(stderr, "%s%s\n",
- tip_bottom, strauss[MIN(3 + i, strauss_lines)]);
+ tip_bottom, strauss[MIN(3 + i, strauss_lines - 1)]);
do {
fprintf(stderr, "%*s%*s%*s%s\n",
(int) strlen(tip_left[0]), "",
w, "",
(int) strlen(tip_right[0]), "",
- strauss[MIN(4 + i, strauss_lines)]);
+ strauss[MIN(4 + i, strauss_lines - 1)]);
} while ((show_tips == TIPS_FULL) && (4 + ++i < strauss_lines));
printed = true;
--
2.1.4

View File

@ -0,0 +1,62 @@
From 6d3e97e83a7d61cbb2f5109efb4b519383a55712 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 28 Jun 2022 16:55:49 +0200
Subject: [PATCH] util: add offs sanity check to print_clock_t
While it is not strictly needed right now, the code that uses
the calculated offs value lacks any checks for possible buf overruns,
which is not defensive enough, so let's add them. Reported by covscan:
Error: OVERRUN (CWE-119):
strace-5.18/src/util.c:248: assignment: Assigning:
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
16 and 31 (inclusive).
strace-5.18/src/util.c:249: overrun-local: Overrunning array of 30 bytes
at byte offset 31 by dereferencing pointer "buf + offs". [Note: The source
code implementation of the function has been overridden by a builtin model.]
Error: OVERRUN (CWE-119):
strace-5.18/src/util.c:248: assignment: Assigning:
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
16 and 31 (inclusive).
strace-5.18/src/util.c:253: overrun-buffer-arg: Overrunning array "buf"
of 30 bytes by passing it to a function which accesses it at byte offset
32 using argument "offs + 2UL" (which evaluates to 33). [Note: The source
code implementation of the function has been overridden by a builtin model.]
Error: OVERRUN (CWE-119):
strace-5.18/src/util.c:248: assignment: Assigning:
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
16 and 31 (inclusive).
strace-5.18/src/util.c:254: overrun-local: Overrunning array "buf"
of 30 bytes at byte offset 32 using index "offs + 1UL" (which evaluates
to 32).
* src/util.c (print_clock_t): Add check that offs is small enough
for it and "offs + 2" not to overrun buf.
---
src/util.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/util.c b/src/util.c
index 5f87acb..93aa7b3 100644
--- a/src/util.c
+++ b/src/util.c
@@ -246,6 +246,14 @@ print_clock_t(uint64_t val)
*/
char buf[sizeof(uint64_t) * 3 + sizeof("0.0 s")];
size_t offs = ilog10(val / clk_tck);
+ /*
+ * This check is mostly to appease covscan, which thinks
+ * that offs can go as high as 31 (it cannot), but since
+ * there is no proper sanity checks against offs overrunning
+ * buf down the code, it may as well be here.
+ */
+ if (offs > (sizeof(buf) - sizeof("0.0 s")))
+ return;
int ret = snprintf(buf + offs, sizeof(buf) - offs, "%.*f s",
frac_width,
(double) (val % clk_tck) / clk_tck);
--
2.1.4

View File

@ -0,0 +1,882 @@
From 960e78f208b4f6d48962bbc9cad45588cc8c90ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
Date: Tue, 21 Jun 2022 08:43:00 +0200
Subject: [PATCH] secontext: print context of Unix socket's sun_path field
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
* src/sockaddr.c: Include "secontext.h".
(print_sockaddr_data_un): Print the SELinux context of sun_path field
using selinux_printfilecon.
* NEWS: Mention this change.
* tests/secontext.c (raw_secontext_full_fd, get_secontext_field_fd,
raw_secontext_short_fd, secontext_full_fd, secontext_short_fd): New
functions.
* tests/secontext.h (secontext_full_fd, secontext_short_fd,
get_secontext_field_fd): New prototypes.
(SECONTEXT_FD): New macro.
* tests/sockname.c: Include "secontext.h".
(test_sockname_syscall): Update expected output.
* tests/gen_tests.in (getsockname--secontext,
getsockname--secontext_full, getsockname--secontext_full_mismatch,
getsockname--secontext_mismatch): New tests.
Resolves: https://github.com/strace/strace/pull/214
---
NEWS | 1 +
src/sockaddr.c | 3 +++
tests/gen_tests.in | 4 ++++
tests/secontext.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
tests/secontext.h | 12 ++++++++++++
tests/sockname.c | 54 +++++++++++++++++++++++++++++++++++-------------------
6 files changed, 104 insertions(+), 19 deletions(-)
Index: strace-5.18/NEWS
===================================================================
--- strace-5.18.orig/NEWS 2022-07-12 18:20:18.495470531 +0200
+++ strace-5.18/NEWS 2022-07-12 18:20:44.531163262 +0200
@@ -5,6 +5,7 @@
* Added an interface of raising des Strausses awareness.
* Added --tips option to print strace tips, tricks, and tweaks
at the end of the tracing session.
+ * Implemented printing of Unix socket sun_path field's SELinux context.
* Enhanced decoding of bpf and io_uring_register syscalls.
* Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl
commands.
Index: strace-5.18/src/sockaddr.c
===================================================================
--- strace-5.18.orig/src/sockaddr.c 2022-07-12 18:17:36.745379483 +0200
+++ strace-5.18/src/sockaddr.c 2022-07-12 18:20:18.495470531 +0200
@@ -63,6 +63,8 @@
#include "xlat/mctp_addrs.h"
#include "xlat/mctp_nets.h"
+#include "secontext.h"
+
#define SIZEOF_SA_FAMILY sizeof_field(struct sockaddr, sa_family)
struct sockaddr_rxrpc {
@@ -115,6 +117,7 @@
if (sa_un->sun_path[0]) {
print_quoted_string(sa_un->sun_path, path_len + 1,
QUOTE_0_TERMINATED);
+ selinux_printfilecon(tcp, sa_un->sun_path);
} else {
tprints("@");
print_quoted_string(sa_un->sun_path + 1, path_len - 1, 0);
Index: strace-5.18/tests/gen_tests.in
===================================================================
--- strace-5.18.orig/tests/gen_tests.in 2022-07-12 18:17:36.746379471 +0200
+++ strace-5.18/tests/gen_tests.in 2022-07-12 18:20:18.496470519 +0200
@@ -225,6 +225,10 @@
getsid -a10
getsid--pidns-translation test_pidns -e trace=getsid -a10
getsockname -a27
+getsockname--secontext -a27 --secontext -e trace=getsockname
+getsockname--secontext_full -a27 --secontext=full -e trace=getsockname
+getsockname--secontext_full_mismatch -a27 --secontext=full,mismatch -e trace=getsockname
+getsockname--secontext_mismatch -a27 --secontext=mismatch -e trace=getsockname
gettid -a9
getuid-creds +getuid.test
getuid32 +getuid.test
Index: strace-5.18/tests/secontext.c
===================================================================
--- strace-5.18.orig/tests/secontext.c 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests/secontext.c 2022-07-12 18:20:18.496470519 +0200
@@ -141,6 +141,21 @@
return full_secontext;
}
+static char *
+raw_secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *full_secontext = NULL;
+ char *secontext;
+
+ if (fgetfilecon(fd, &secontext) >= 0) {
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
+ freecon(secontext);
+ }
+ errno = saved_errno;
+ return full_secontext;
+}
+
char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
@@ -151,6 +166,16 @@
return type;
}
+char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ char *ctx = raw_secontext_full_fd(fd);
+ char *type = get_secontext_field(ctx, field);
+ free(ctx);
+
+ return type;
+}
+
static char *
raw_secontext_short_file(const char *filename)
{
@@ -158,6 +183,12 @@
}
static char *
+raw_secontext_short_fd(int fd)
+{
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -205,6 +236,15 @@
}
char *
+secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_full_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
+
+char *
secontext_full_pid(pid_t pid)
{
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
@@ -228,6 +268,15 @@
errno = saved_errno;
return FORMAT_SPACE_BEFORE(context);
}
+
+char *
+secontext_short_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_short_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
char *
secontext_short_pid(pid_t pid)
Index: strace-5.18/tests/secontext.h
===================================================================
--- strace-5.18.orig/tests/secontext.h 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests/secontext.h 2022-07-12 18:20:18.496470519 +0200
@@ -9,9 +9,11 @@
#include "xmalloc.h"
#include <unistd.h>
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
@@ -30,6 +32,7 @@
*/
char *get_secontext_field(const char *full_context, enum secontext_field field);
+char *get_secontext_field_fd(int fd, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
void reset_secontext_file(const char *file);
@@ -44,6 +47,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
# else
@@ -53,6 +57,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
# endif
@@ -65,6 +70,12 @@
return NULL;
}
static inline char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ return NULL;
+}
+
+static inline char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
return NULL;
@@ -81,6 +92,7 @@
{
}
+# define SECONTEXT_FD(fd) xstrdup("")
# define SECONTEXT_FILE(filename) xstrdup("")
# define SECONTEXT_PID(pid) xstrdup("")
Index: strace-5.18/tests/sockname.c
===================================================================
--- strace-5.18.orig/tests/sockname.c 2022-07-12 18:17:36.748379448 +0200
+++ strace-5.18/tests/sockname.c 2022-07-12 18:20:18.496470519 +0200
@@ -18,6 +18,8 @@
#include <sys/socket.h>
#include <sys/un.h>
+#include "secontext.h"
+
#ifndef TEST_SYSCALL_NAME
# error TEST_SYSCALL_NAME must be defined
#endif
@@ -59,14 +61,19 @@
*plen = sizeof(struct sockaddr_un);
struct sockaddr_un *addr = tail_alloc(*plen);
+ char *my_secontext = SECONTEXT_PID_MY();
+ char *fd_secontext = SECONTEXT_FD(fd);
+
PREPARE_TEST_SYSCALL_INVOCATION;
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
memset(addr, 0, sizeof(*addr));
@@ -75,28 +82,34 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
- printf("%s(%d%s, %p, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
- sprintrc(rc));
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
+ addr, SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext,
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen + 1 SUFFIX_ARGS);
- printf("%s(%d%s, %p, %p%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
plen + 1, SUFFIX_STR, sprintrc(rc));
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
@@ -108,8 +121,9 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
++addr;
@@ -121,17 +135,19 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
- addr->sun_path, (int) sizeof(struct sockaddr),
- (int) *plen, SUFFIX_STR, rc);
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen SUFFIX_ARGS);
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
*plen, SUFFIX_STR, sprintrc(rc));
}
Index: strace-5.18/tests-m32/secontext.c
===================================================================
--- strace-5.18.orig/tests-m32/secontext.c 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-m32/secontext.c 2022-07-12 18:20:18.496470519 +0200
@@ -141,6 +141,21 @@
return full_secontext;
}
+static char *
+raw_secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *full_secontext = NULL;
+ char *secontext;
+
+ if (fgetfilecon(fd, &secontext) >= 0) {
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
+ freecon(secontext);
+ }
+ errno = saved_errno;
+ return full_secontext;
+}
+
char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
@@ -151,6 +166,16 @@
return type;
}
+char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ char *ctx = raw_secontext_full_fd(fd);
+ char *type = get_secontext_field(ctx, field);
+ free(ctx);
+
+ return type;
+}
+
static char *
raw_secontext_short_file(const char *filename)
{
@@ -158,6 +183,12 @@
}
static char *
+raw_secontext_short_fd(int fd)
+{
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -205,6 +236,15 @@
}
char *
+secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_full_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
+
+char *
secontext_full_pid(pid_t pid)
{
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
@@ -228,6 +268,15 @@
errno = saved_errno;
return FORMAT_SPACE_BEFORE(context);
}
+
+char *
+secontext_short_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_short_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
char *
secontext_short_pid(pid_t pid)
Index: strace-5.18/tests-m32/secontext.h
===================================================================
--- strace-5.18.orig/tests-m32/secontext.h 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-m32/secontext.h 2022-07-12 18:20:18.496470519 +0200
@@ -9,9 +9,11 @@
#include "xmalloc.h"
#include <unistd.h>
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
@@ -30,6 +32,7 @@
*/
char *get_secontext_field(const char *full_context, enum secontext_field field);
+char *get_secontext_field_fd(int fd, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
void reset_secontext_file(const char *file);
@@ -44,6 +47,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
# else
@@ -53,6 +57,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
# endif
@@ -65,6 +70,12 @@
return NULL;
}
static inline char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ return NULL;
+}
+
+static inline char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
return NULL;
@@ -81,6 +92,7 @@
{
}
+# define SECONTEXT_FD(fd) xstrdup("")
# define SECONTEXT_FILE(filename) xstrdup("")
# define SECONTEXT_PID(pid) xstrdup("")
Index: strace-5.18/tests-m32/sockname.c
===================================================================
--- strace-5.18.orig/tests-m32/sockname.c 2022-07-12 18:17:36.748379448 +0200
+++ strace-5.18/tests-m32/sockname.c 2022-07-12 18:20:18.496470519 +0200
@@ -18,6 +18,8 @@
#include <sys/socket.h>
#include <sys/un.h>
+#include "secontext.h"
+
#ifndef TEST_SYSCALL_NAME
# error TEST_SYSCALL_NAME must be defined
#endif
@@ -59,14 +61,19 @@
*plen = sizeof(struct sockaddr_un);
struct sockaddr_un *addr = tail_alloc(*plen);
+ char *my_secontext = SECONTEXT_PID_MY();
+ char *fd_secontext = SECONTEXT_FD(fd);
+
PREPARE_TEST_SYSCALL_INVOCATION;
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
memset(addr, 0, sizeof(*addr));
@@ -75,28 +82,34 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
- printf("%s(%d%s, %p, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
- sprintrc(rc));
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
+ addr, SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext,
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen + 1 SUFFIX_ARGS);
- printf("%s(%d%s, %p, %p%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
plen + 1, SUFFIX_STR, sprintrc(rc));
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
@@ -108,8 +121,9 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
++addr;
@@ -121,17 +135,19 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
- addr->sun_path, (int) sizeof(struct sockaddr),
- (int) *plen, SUFFIX_STR, rc);
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen SUFFIX_ARGS);
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
*plen, SUFFIX_STR, sprintrc(rc));
}
Index: strace-5.18/tests-mx32/secontext.c
===================================================================
--- strace-5.18.orig/tests-mx32/secontext.c 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-mx32/secontext.c 2022-07-12 18:20:18.496470519 +0200
@@ -141,6 +141,21 @@
return full_secontext;
}
+static char *
+raw_secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *full_secontext = NULL;
+ char *secontext;
+
+ if (fgetfilecon(fd, &secontext) >= 0) {
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
+ freecon(secontext);
+ }
+ errno = saved_errno;
+ return full_secontext;
+}
+
char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
@@ -151,6 +166,16 @@
return type;
}
+char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ char *ctx = raw_secontext_full_fd(fd);
+ char *type = get_secontext_field(ctx, field);
+ free(ctx);
+
+ return type;
+}
+
static char *
raw_secontext_short_file(const char *filename)
{
@@ -158,6 +183,12 @@
}
static char *
+raw_secontext_short_fd(int fd)
+{
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -205,6 +236,15 @@
}
char *
+secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_full_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
+
+char *
secontext_full_pid(pid_t pid)
{
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
@@ -228,6 +268,15 @@
errno = saved_errno;
return FORMAT_SPACE_BEFORE(context);
}
+
+char *
+secontext_short_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_short_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
char *
secontext_short_pid(pid_t pid)
Index: strace-5.18/tests-mx32/secontext.h
===================================================================
--- strace-5.18.orig/tests-mx32/secontext.h 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-mx32/secontext.h 2022-07-12 18:20:18.496470519 +0200
@@ -9,9 +9,11 @@
#include "xmalloc.h"
#include <unistd.h>
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
@@ -30,6 +32,7 @@
*/
char *get_secontext_field(const char *full_context, enum secontext_field field);
+char *get_secontext_field_fd(int fd, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
void reset_secontext_file(const char *file);
@@ -44,6 +47,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
# else
@@ -53,6 +57,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
# endif
@@ -65,6 +70,12 @@
return NULL;
}
static inline char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ return NULL;
+}
+
+static inline char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
return NULL;
@@ -81,6 +92,7 @@
{
}
+# define SECONTEXT_FD(fd) xstrdup("")
# define SECONTEXT_FILE(filename) xstrdup("")
# define SECONTEXT_PID(pid) xstrdup("")
Index: strace-5.18/tests-mx32/sockname.c
===================================================================
--- strace-5.18.orig/tests-mx32/sockname.c 2022-07-12 18:17:36.748379448 +0200
+++ strace-5.18/tests-mx32/sockname.c 2022-07-12 18:20:18.496470519 +0200
@@ -18,6 +18,8 @@
#include <sys/socket.h>
#include <sys/un.h>
+#include "secontext.h"
+
#ifndef TEST_SYSCALL_NAME
# error TEST_SYSCALL_NAME must be defined
#endif
@@ -59,14 +61,19 @@
*plen = sizeof(struct sockaddr_un);
struct sockaddr_un *addr = tail_alloc(*plen);
+ char *my_secontext = SECONTEXT_PID_MY();
+ char *fd_secontext = SECONTEXT_FD(fd);
+
PREPARE_TEST_SYSCALL_INVOCATION;
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
memset(addr, 0, sizeof(*addr));
@@ -75,28 +82,34 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
- printf("%s(%d%s, %p, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
- sprintrc(rc));
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
+ addr, SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext,
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen + 1 SUFFIX_ARGS);
- printf("%s(%d%s, %p, %p%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
plen + 1, SUFFIX_STR, sprintrc(rc));
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
@@ -108,8 +121,9 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
++addr;
@@ -121,17 +135,19 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
- addr->sun_path, (int) sizeof(struct sockaddr),
- (int) *plen, SUFFIX_STR, rc);
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen SUFFIX_ARGS);
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
*plen, SUFFIX_STR, sprintrc(rc));
}

View File

@ -0,0 +1,374 @@
From 676979fa9cc7920e5e4d547814f9c0edb597fa0d Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Thu, 30 Jun 2022 16:01:05 +0200
Subject: [PATCH] pathtrace, util: do not print " (deleted)" as part of the
path
In order to allow to discern the unlinked paths from the paths that
do indeed end with " (deleted)".
* src/defs.h (getfdpath_pid): Add deleted parameter.
(getfdpath): Pass NULL as deleted parameter to getfdpath_pid.
* src/largefile_wrappers.h (lstat_file): New macro.
* src/pathtrace.c: Include <sys/stat.h>, <sys/types.h>, <unistd.h>,
and "largefile_wrappers.h".
(getfdpath_pid): Add deleted parameter, check if path ends with
" (deleted)", and if it is, try to figure out if it is a part
of the path by comparing device/inode numbers of the file procfs
link resolves into and the file pointed by the path read; strip
" (deleted)"; set deleted (if it is non-NULL) to true if the fd
is turned out to be deleted and to false otherwise.
* src/util.c (print_quoted_string_in_angle_brackets): Add deleted
parameter, print "(deleted)" after the closing angle bracket if it is
non-NULL.
(printfd_pid): Add deleted local variable, pass it to getfdpath_pid
and print_quoted_string_in_angle_brackets calls.
* tests/fchmod.c: Add checks for a file with " (deleted)" in the path,
update expected output.
* NEWS: Mention the change.
---
NEWS | 5 +++++
src/defs.h | 5 +++--
src/largefile_wrappers.h | 2 ++
src/pathtrace.c | 48 +++++++++++++++++++++++++++++++++++++++++++++---
src/util.c | 10 +++++++---
tests/fchmod.c | 47 +++++++++++++++++++++++++++++++++++++++++++----
6 files changed, 105 insertions(+), 12 deletions(-)
Index: strace-5.18/NEWS
===================================================================
--- strace-5.18.orig/NEWS 2022-07-13 12:52:48.219784860 +0200
+++ strace-5.18/NEWS 2022-07-13 12:52:48.451782122 +0200
@@ -1,6 +1,11 @@
Noteworthy changes in release 5.18 (2022-06-18)
===============================================
+* Changes in behaviour
+ * The "(deleted)" marker for unlinked paths of file descriptors is now printed
+ outside angle brackets; the matching of unlinked paths of file descriptors
+ no longer includes the " (deleted)" part into consideration.
+
* Improvements
* Added an interface of raising des Strausses awareness.
* Added --tips option to print strace tips, tricks, and tweaks
Index: strace-5.18/src/defs.h
===================================================================
--- strace-5.18.orig/src/defs.h 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/src/defs.h 2022-07-13 12:52:54.532710356 +0200
@@ -785,12 +785,13 @@
return pathtrace_match_set(tcp, &global_path_set);
}
-extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize);
+extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize,
+ bool *deleted);
static inline int
getfdpath(struct tcb *tcp, int fd, char *buf, unsigned bufsize)
{
- return getfdpath_pid(tcp->pid, fd, buf, bufsize);
+ return getfdpath_pid(tcp->pid, fd, buf, bufsize, NULL);
}
extern unsigned long getfdinode(struct tcb *, int);
Index: strace-5.18/src/largefile_wrappers.h
===================================================================
--- strace-5.18.orig/src/largefile_wrappers.h 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/src/largefile_wrappers.h 2022-07-13 12:52:48.451782122 +0200
@@ -31,6 +31,7 @@
# endif
# define fstat_fd fstat64
# define strace_stat_t struct stat64
+# define lstat_file lstat64
# define stat_file stat64
# define struct_dirent struct dirent64
# define read_dir readdir64
@@ -42,6 +43,7 @@
# define fcntl_fd fcntl
# define fstat_fd fstat
# define strace_stat_t struct stat
+# define lstat_file lstat
# define stat_file stat
# define struct_dirent struct dirent
# define read_dir readdir
Index: strace-5.18/src/pathtrace.c
===================================================================
--- strace-5.18.orig/src/pathtrace.c 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/src/pathtrace.c 2022-07-13 12:52:54.532710356 +0200
@@ -10,7 +10,11 @@
#include "defs.h"
#include <limits.h>
#include <poll.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include "largefile_wrappers.h"
#include "number_set.h"
#include "sen.h"
#include "xstring.h"
@@ -77,7 +81,7 @@
* Get path associated with fd of a process with pid.
*/
int
-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize)
+getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
{
char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];
ssize_t n;
@@ -91,12 +95,50 @@
xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);
n = readlink(linkpath, buf, bufsize - 1);
+ if (n < 0)
+ goto end;
+
/*
* NB: if buf is too small, readlink doesn't fail,
* it returns truncated result (IOW: n == bufsize - 1).
*/
- if (n >= 0)
- buf[n] = '\0';
+ buf[n] = '\0';
+ if (deleted)
+ *deleted = false;
+
+ /*
+ * Try to figure out if the kernel has appended " (deleted)"
+ * to the end of a potentially unlinked path and set deleted
+ * if it is the case.
+ */
+ static const char del_sfx[] = " (deleted)";
+ if ((size_t) n <= sizeof(del_sfx))
+ goto end;
+
+ char *del = buf + n + 1 - sizeof(del_sfx);
+
+ if (memcmp(del, del_sfx, sizeof(del_sfx)))
+ goto end;
+
+ strace_stat_t st_link;
+ strace_stat_t st_path;
+ int rc = stat_file(linkpath, &st_link);
+
+ if (rc)
+ goto end;
+
+ rc = lstat_file(buf, &st_path);
+
+ if (rc ||
+ (st_link.st_ino != st_path.st_ino) ||
+ (st_link.st_dev != st_path.st_dev)) {
+ *del = '\0';
+ n = del - buf + 1;
+ if (deleted)
+ *deleted = true;
+ }
+
+end:
return n;
}
Index: strace-5.18/src/util.c
===================================================================
--- strace-5.18.orig/src/util.c 2022-07-13 12:52:47.989787575 +0200
+++ strace-5.18/src/util.c 2022-07-13 12:52:48.452782111 +0200
@@ -735,12 +735,15 @@
}
static void
-print_quoted_string_in_angle_brackets(const char *str)
+print_quoted_string_in_angle_brackets(const char *str, const bool deleted)
{
tprints("<");
print_quoted_string_ex(str, strlen(str),
QUOTE_OMIT_LEADING_TRAILING_QUOTES, "<>");
tprints(">");
+
+ if (deleted)
+ tprints("(deleted)");
}
void
@@ -749,8 +752,9 @@
PRINT_VAL_D(fd);
char path[PATH_MAX + 1];
+ bool deleted;
if (pid > 0 && !number_set_array_is_empty(decode_fd_set, 0)
- && getfdpath_pid(pid, fd, path, sizeof(path)) >= 0) {
+ && getfdpath_pid(pid, fd, path, sizeof(path), &deleted) >= 0) {
if (is_number_in_set(DECODE_FD_SOCKET, decode_fd_set) &&
printsocket(tcp, fd, path))
goto printed;
@@ -761,7 +765,7 @@
printpidfd(pid, fd, path))
goto printed;
if (is_number_in_set(DECODE_FD_PATH, decode_fd_set))
- print_quoted_string_in_angle_brackets(path);
+ print_quoted_string_in_angle_brackets(path, deleted);
printed: ;
}
Index: strace-5.18/tests/fchmod.c
===================================================================
--- strace-5.18.orig/tests/fchmod.c 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/tests/fchmod.c 2022-07-13 12:52:48.452782111 +0200
@@ -35,10 +35,17 @@
(void) unlink(sample);
int fd = open(sample, O_CREAT|O_RDONLY, 0400);
if (fd == -1)
- perror_msg_and_fail("open");
+ perror_msg_and_fail("open(\"%s\")", sample);
+
+ static const char sample_del[] = "fchmod_sample_file (deleted)";
+ (void) unlink(sample_del);
+ int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400);
+ if (fd_del == -1)
+ perror_msg_and_fail("open(\"%s\")", sample);
# ifdef YFLAG
char *sample_realpath = get_fd_path(fd);
+ char *sample_del_realpath = get_fd_path(fd_del);
# endif
const char *sample_secontext = SECONTEXT_FILE(sample);
@@ -56,12 +63,27 @@
sample_secontext,
sprintrc(rc));
+ const char *sample_del_secontext = SECONTEXT_FILE(sample_del);
+ rc = syscall(__NR_fchmod, fd_del, 0600);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>%s, 0600) = %s\n",
+# else
+ printf("%s%s(%d%s, 0600) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
if (unlink(sample))
- perror_msg_and_fail("unlink");
+ perror_msg_and_fail("unlink(\"%s\")", sample);
rc = syscall(__NR_fchmod, fd, 051);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
# else
printf("%s%s(%d%s, 051) = %s\n",
# endif
@@ -73,9 +95,26 @@
sample_secontext,
sprintrc(rc));
+ if (unlink(sample_del))
+ perror_msg_and_fail("unlink(\"%s\")", sample_del);
+
+ rc = syscall(__NR_fchmod, fd_del, 051);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
+# else
+ printf("%s%s(%d%s, 051) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
rc = syscall(__NR_fchmod, fd, 004);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n",
# else
printf("%s%s(%d%s, 004) = %s\n",
# endif
Index: strace-5.18/tests-m32/fchmod.c
===================================================================
--- strace-5.18.orig/tests-m32/fchmod.c 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/tests-m32/fchmod.c 2022-07-13 12:52:48.452782111 +0200
@@ -35,10 +35,17 @@
(void) unlink(sample);
int fd = open(sample, O_CREAT|O_RDONLY, 0400);
if (fd == -1)
- perror_msg_and_fail("open");
+ perror_msg_and_fail("open(\"%s\")", sample);
+
+ static const char sample_del[] = "fchmod_sample_file (deleted)";
+ (void) unlink(sample_del);
+ int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400);
+ if (fd_del == -1)
+ perror_msg_and_fail("open(\"%s\")", sample);
# ifdef YFLAG
char *sample_realpath = get_fd_path(fd);
+ char *sample_del_realpath = get_fd_path(fd_del);
# endif
const char *sample_secontext = SECONTEXT_FILE(sample);
@@ -56,12 +63,27 @@
sample_secontext,
sprintrc(rc));
+ const char *sample_del_secontext = SECONTEXT_FILE(sample_del);
+ rc = syscall(__NR_fchmod, fd_del, 0600);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>%s, 0600) = %s\n",
+# else
+ printf("%s%s(%d%s, 0600) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
if (unlink(sample))
- perror_msg_and_fail("unlink");
+ perror_msg_and_fail("unlink(\"%s\")", sample);
rc = syscall(__NR_fchmod, fd, 051);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
# else
printf("%s%s(%d%s, 051) = %s\n",
# endif
@@ -73,9 +95,26 @@
sample_secontext,
sprintrc(rc));
+ if (unlink(sample_del))
+ perror_msg_and_fail("unlink(\"%s\")", sample_del);
+
+ rc = syscall(__NR_fchmod, fd_del, 051);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
+# else
+ printf("%s%s(%d%s, 051) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
rc = syscall(__NR_fchmod, fd, 004);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n",
# else
printf("%s%s(%d%s, 004) = %s\n",
# endif

View File

@ -0,0 +1,209 @@
From 3f0e5340b651da98251a58cc7923525d69f96032 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Fri, 1 Jul 2022 10:45:48 +0200
Subject: [PATCH] secontext: fix expected SELinux context check for unlinked
FDs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
selinux_getfdcon open-coded a part of getfdpath_pid since it tries
to do the same job, figure out a path associated with an FD, for slightly
different purpose: to get the expected SELinux context for it. As the previous
commit shows, it's a bit more complicated in cases when the path ends
with the " (deleted)" string, which is also used for designated unlinked paths
in procfs. Otherwise, it may manifest in test failures such as this:
[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 0600) = 0
-[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 051) = 0
-[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 004) = 0
+[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 051) = 0
+[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 004) = 0
+++ exited with 0 +++
+ fail_ '../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
+ warn_ 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
+ printf '%s\n' 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch
+ exit 1
FAIL fchmod-y--secontext_full_mismatch.gen.test (exit status: 1)
that happens due to the fact that the get_expected_filecontext() call
is made against the path with the " (deleted)" part, which is wrong (it
is more wrong than shown above when a file with the path that ends with
" (deleted)" exists). Moreover, it would be incorrect to call stat()
on that path.
Let's factor out the common part of the code and simply call it
from selinux_getfdcon, then use the st_mode from the procfs link.
* src/defs.h (get_proc_pid_fd_path): New declaration.
* src/pathtrace.c (get)proc_pid_fd_path): New function, part
of getfdpath_pid that performs link resolution and processing
of the result.
(getfdpath_pid): Call get_proc_pid_fd_path after PID resolution.
* src/secontext.c (get_expected_filecontext): Add mode parameter, use
it in selabel_lookup call instead of retrieveing file mode using stat()
if it is not -1.
(selinux_getfdcon): Call get_proc_pid_fd_path instead
of open-coding path resolution code, call stat() on the procfs link
and pass the retrieved st_mode to the get_expected_filecontext call.
(selinux_getfilecon): Pass -1 as mode in the get_expected_filecontext
call.
Reported-by: Václav Kadlčík <vkadlcik@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2087693
---
src/defs.h | 15 +++++++++++++++
src/pathtrace.c | 26 ++++++++++++++++++--------
src/secontext.c | 35 +++++++++++++++++++++--------------
3 files changed, 54 insertions(+), 22 deletions(-)
Index: strace-5.18/src/defs.h
===================================================================
--- strace-5.18.orig/src/defs.h 2022-07-12 18:22:01.563254140 +0200
+++ strace-5.18/src/defs.h 2022-07-12 18:22:06.202199392 +0200
@@ -785,6 +785,21 @@
return pathtrace_match_set(tcp, &global_path_set);
}
+/**
+ * Resolves a path for a fd procfs PID proc_pid (the one got from
+ * get_proc_pid()).
+ *
+ * @param proc_pid PID number in /proc, obtained with get_proc_pid().
+ * @param fd FD to resolve path for.
+ * @param buf Buffer to store the resolved path in.
+ * @param bufsize The size of buf.
+ * @param deleted If non-NULL, set to true if the path associated with the FD
+ * seems to have been unlinked and to false otherwise.
+ * @return Number of bytes written including terminating '\0'.
+ */
+extern int get_proc_pid_fd_path(int proc_pid, int fd, char *buf,
+ unsigned bufsize, bool *deleted);
+
extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize,
bool *deleted);
Index: strace-5.18/src/pathtrace.c
===================================================================
--- strace-5.18.orig/src/pathtrace.c 2022-07-12 18:22:01.532254506 +0200
+++ strace-5.18/src/pathtrace.c 2022-07-12 18:22:06.202199392 +0200
@@ -77,11 +77,9 @@
set->paths_selected[set->num_selected++] = path;
}
-/*
- * Get path associated with fd of a process with pid.
- */
int
-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
+get_proc_pid_fd_path(int proc_pid, int fd, char *buf, unsigned bufsize,
+ bool *deleted)
{
char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];
ssize_t n;
@@ -89,10 +87,6 @@
if (fd < 0)
return -1;
- int proc_pid = get_proc_pid(pid);
- if (!proc_pid)
- return -1;
-
xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);
n = readlink(linkpath, buf, bufsize - 1);
if (n < 0)
@@ -143,6 +137,22 @@
}
/*
+ * Get path associated with fd of a process with pid.
+ */
+int
+getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
+{
+ if (fd < 0)
+ return -1;
+
+ int proc_pid = get_proc_pid(pid);
+ if (!proc_pid)
+ return -1;
+
+ return get_proc_pid_fd_path(proc_pid, fd, buf, bufsize, deleted);
+}
+
+/*
* Add a path to the set we're tracing. Also add the canonicalized
* version of the path. Specifying NULL will delete all paths.
*/
Index: strace-5.18/src/secontext.c
===================================================================
--- strace-5.18.orig/src/secontext.c 2022-07-12 18:22:01.564254128 +0200
+++ strace-5.18/src/secontext.c 2022-07-12 18:22:06.203199380 +0200
@@ -62,7 +62,7 @@
}
static int
-get_expected_filecontext(const char *path, char **secontext)
+get_expected_filecontext(const char *path, char **secontext, int mode)
{
static struct selabel_handle *hdl;
@@ -80,12 +80,7 @@
}
}
- strace_stat_t stb;
- if (stat_file(path, &stb) < 0) {
- return -1;
- }
-
- return selabel_lookup(hdl, secontext, path, stb.st_mode);
+ return selabel_lookup(hdl, secontext, path, mode);
}
/*
@@ -130,16 +125,22 @@
/*
* We need to resolve the path, because selabel_lookup() doesn't
- * resolve anything. Using readlink() is sufficient here.
+ * resolve anything.
*/
+ char buf[PATH_MAX + 1];
+ ssize_t n = get_proc_pid_fd_path(proc_pid, fd, buf, sizeof(buf), NULL);
+ if ((size_t) n >= (sizeof(buf) - 1))
+ return 0;
- char buf[PATH_MAX];
- ssize_t n = readlink(linkpath, buf, sizeof(buf));
- if ((size_t) n >= sizeof(buf))
+ /*
+ * We retrieve stat() here since the path the procfs link resolves into
+ * may be reused by a different file with different context.
+ */
+ strace_stat_t st;
+ if (stat_file(linkpath, &st))
return 0;
- buf[n] = '\0';
- get_expected_filecontext(buf, expected);
+ get_expected_filecontext(buf, expected, st.st_mode);
return 0;
}
@@ -190,7 +191,13 @@
if (!resolved)
return 0;
- get_expected_filecontext(resolved, expected);
+ strace_stat_t st;
+ if (stat_file(resolved, &st) < 0)
+ goto out;
+
+ get_expected_filecontext(resolved, expected, st.st_mode);
+
+out:
free(resolved);
return 0;

View File

@ -0,0 +1,70 @@
From 5338636cd9ae7f53ed73f1a7909db03189ea2ff3 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Mon, 4 Jul 2022 12:29:22 +0200
Subject: [PATCH] tests/bpf: fix sloppy low FD number usage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
FD 42 can already be opened, so close it. Otherwise, it may lead
to the following test failure:
-bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED)
+bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42</var/tmp/restraintd/logs/146893626/task.log>}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED)
bpf(BPF_LINK_CREATE, 0x3ff95574fe5, 28) = 841540765612359407 (INJECTED)
-bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED)
+bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42</var/tmp/restraintd/logs/146893626/task.log>}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED)
[...]
FAIL bpf-success-long-y.test (exit status: 1)
* tests/bpf.c (init_BPF_LINK_CREATE_attr7): Close iter_info_data[1] fd.
Fixes: v5.18~18 "bpf: improve bpf(BPF_LINK_CREATE) decoding"
Reported-by: Lenka Špačková <lkuprova@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103137
---
tests/bpf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/bpf.c b/tests/bpf.c
index 82d870e..6c1ffd4 100644
--- a/tests/bpf.c
+++ b/tests/bpf.c
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
{
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ close(iter_info_data[1]);
+
if (!iter_info_data_p) {
iter_info_data_p = tail_memdup(iter_info_data,
sizeof(iter_info_data));
diff --git a/tests-m32/bpf.c b/tests-m32/bpf.c
index 82d870e..6c1ffd4 100644
--- a/tests-m32/bpf.c
+++ b/tests-m32/bpf.c
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
{
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ close(iter_info_data[1]);
+
if (!iter_info_data_p) {
iter_info_data_p = tail_memdup(iter_info_data,
sizeof(iter_info_data));
diff --git a/tests-mx32/bpf.c b/tests-mx32/bpf.c
index 82d870e..6c1ffd4 100644
--- a/tests-mx32/bpf.c
+++ b/tests-mx32/bpf.c
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
{
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ close(iter_info_data[1]);
+
if (!iter_info_data_p) {
iter_info_data_p = tail_memdup(iter_info_data,
sizeof(iter_info_data));
--
2.1.4

View File

@ -1,9 +1,9 @@
Summary: Tracks and displays system calls associated with a running process Summary: Tracks and displays system calls associated with a running process
Name: strace Name: strace
Version: 5.18 Version: 5.18
Release: 1%{?dist} Release: 2%{?dist}
# The test suite is GPLv2+, all the rest is LGPLv2.1+. # The test suite is GPLv2+, all the rest is LGPLv2.1+.
License: LGPL-2.1+ and GPL-2.0+ License: LGPL-2.1-or-later and GPL-2.0-or-later
# Some distros require Group tag to be present, # Some distros require Group tag to be present,
# some require Group tag to be absent, # some require Group tag to be absent,
# some do not care about Group tag at all, # some do not care about Group tag at all,
@ -68,6 +68,28 @@ BuildRequires: pkgconfig(bluez)
#Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch #Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch
#Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch #Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch
## https://bugzilla.redhat.com/2103068 covscan fixes
# v5.18-5-g2bf0696 "src/xlat: remove remnants of unnecessary idx usage in xlookup"
Patch175: 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch
# v5.18-7-ge604d7b "strauss: tips whitespace and phrasing cleanups"
Patch176: 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch
# v5.18-8-g968789d "strauss: fix off-by-one error in strauss array access"
Patch177: 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch
# v5.18-9-g6d3e97e "util: add offs sanity check to print_clock_t"
Patch178: 0178-util-add-offs-sanity-check-to-print_clock_t.patch
## https://bugzilla.redhat.com/2087693
# v5.18-13-g960e78f "secontext: print context of Unix socket's sun_path field"
Patch179: 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch
# v5.18-18-g676979f "pathtrace, util: do not print " (deleted)" as part of the path"
Patch180: 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch
# v5.18-19-g3f0e534 "secontext: fix expected SELinux context check for unlinked FDs"
Patch181: 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch
## https://bugzilla.redhat.com/2103137
# v5.18-21-g5338636 "tests/bpf: fix sloppy low FD number usage"
Patch182: 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch
# Fallback definitions for make_build/make_install macros # Fallback definitions for make_build/make_install macros
%{?!__make: %global __make %_bindir/make} %{?!__make: %global __make %_bindir/make}
%{?!__install: %global __install %_bindir/install} %{?!__install: %global __install %_bindir/install}
@ -104,6 +126,17 @@ received by a process.
#%patch173 -p1 #%patch173 -p1
#%patch174 -p1 #%patch174 -p1
%patch175 -p1
%patch176 -p1
%patch177 -p1
%patch178 -p1
%patch179 -p1
%patch180 -p1
%patch181 -p1
%patch182 -p1
chmod a+x tests/*.test
echo -n %version-%release > .tarball-version echo -n %version-%release > .tarball-version
echo -n 2022 > .year echo -n 2022 > .year
echo -n 2022-06-22 > doc/.strace.1.in.date echo -n 2022-06-22 > doc/.strace.1.in.date
@ -161,6 +194,12 @@ echo 'END OF TEST SUITE INFORMATION'
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Mon Jul 11 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-2
- Fix the issues reported by covscan (#2103068).
- Fix SELinux context matching for the deleted paths (#2087693).
- Fix sloppy FD usage in the bpf test (#2103137).
- Cater for RHEL 9 license requirement idiosyncrasies (#2103032).
* Wed Jun 22 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-1 * Wed Jun 22 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-1
- Rebase to v5.18; drop upstream patches on top of 5.13 (#2084002). - Rebase to v5.18; drop upstream patches on top of 5.13 (#2084002).