Fix post-rebase issues

- Add 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch (v5.18-5-g2bf0696 "src/xlat: remove remnants of unnecessary idx usage in xlookup")
- Add 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch (v5.18-7-ge604d7b "strauss: tips whitespace and phrasing cleanups")
- Add 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch (v5.18-8-g968789d "strauss: fix off-by-one error in strauss array access")
- Add 0178-util-add-offs-sanity-check-to-print_clock_t.patch (v5.18-9-g6d3e97e "util: add offs sanity check to print_clock_t")
- Add 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch (v5.18-13-g960e78f "secontext: print context of Unix socket's sun_path field")
- Add 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch (v5.18-18-g676979f "pathtrace, util: do not print " (deleted)" as part of the path")
- Add 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch (v5.18-19-g3f0e534 "secontext: fix expected SELinux context check for unlinked FDs")
- Add 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch (v5.18-21-g5338636 "tests/bpf: fix sloppy low FD number usage")

* 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch: New patch.
* 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch: Likewise.
* 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch: Likewise.
* 0178-util-add-offs-sanity-check-to-print_clock_t.patch: Likewise.
* 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch: Likewise.
* 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch: Likewise.
* 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch: Likewise.
* 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch: Likewise.
* strace.spec (Release): Bump to 2.
(Patch175, Patch176, Patch177, Patch178, Patch179, Patch180, Patch181, Patch182): Add.
(%prep): Apply them.
(%changelog): New record about 5.18-2.

Resolves: #2087693
Resolves: #2103068
Resolves: #2103032
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
parent a9e8e0e54a
commit c32cef440f
@ -0,0 +1,58 @@
|
|||||||
|
From 2bf069698a384ff2bc62d2a10544d49d766b4d7f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||||
|
Date: Mon, 27 Jun 2022 18:00:17 +0200
|
||||||
|
Subject: [PATCH] src/xlat: remove remnants of unnecessary idx usage in xlookup
|
||||||
|
|
||||||
|
As there is no idx saving between calls anymore, there's no need to use
|
||||||
|
(and update) idx in the XT_SORTED case. Reported by clang as a dead store:
|
||||||
|
|
||||||
|
Error: CLANG_WARNING:
|
||||||
|
strace-5.18/src/xlat.c:84:4: warning[deadcode.DeadStores]: Value stored to 'idx' is never read
|
||||||
|
|
||||||
|
* src/xlat.c (xlookup): Remove idx declaration; declare idx inside
|
||||||
|
of the for loop in the XT_NORMAL case; do not offset x->data and x->size
|
||||||
|
by offs in the XT_SORTED case and do not update idx upon successful
|
||||||
|
lookup.
|
||||||
|
|
||||||
|
Complements: v5.15~164 "xlat: no longer interpret NULL xlat as continuation"
|
||||||
|
---
|
||||||
|
src/xlat.c | 10 +++-------
|
||||||
|
1 file changed, 3 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
Index: strace-5.18/src/xlat.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/src/xlat.c 2022-07-12 17:11:52.660927011 +0200
|
||||||
|
+++ strace-5.18/src/xlat.c 2022-07-12 17:16:18.116794139 +0200
|
||||||
|
@@ -61,7 +61,6 @@
|
||||||
|
const char *
|
||||||
|
xlookup(const struct xlat *x, const uint64_t val)
|
||||||
|
{
|
||||||
|
- size_t idx = 0;
|
||||||
|
const struct xlat_data *e;
|
||||||
|
|
||||||
|
if (!x || !x->data)
|
||||||
|
@@ -69,21 +68,18 @@
|
||||||
|
|
||||||
|
switch (x->type) {
|
||||||
|
case XT_NORMAL:
|
||||||
|
- for (; idx < x->size; idx++)
|
||||||
|
+ for (size_t idx = 0; idx < x->size; idx++)
|
||||||
|
if (x->data[idx].val == val)
|
||||||
|
return x->data[idx].str;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case XT_SORTED:
|
||||||
|
e = bsearch((const void *) &val,
|
||||||
|
- x->data + idx,
|
||||||
|
- x->size - idx,
|
||||||
|
+ x->data, x->size,
|
||||||
|
sizeof(x->data[0]),
|
||||||
|
xlat_bsearch_compare);
|
||||||
|
- if (e) {
|
||||||
|
- idx = e - x->data;
|
||||||
|
+ if (e)
|
||||||
|
return e->str;
|
||||||
|
- }
|
||||||
|
break;
|
||||||
|
|
||||||
|
case XT_INDEXED:
|
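Review bot: in the XT_SORTED case the removed arguments are `x->data + idx` and `x->size - idx`, but the changelog entry for this patch describes them as offset "by offs"; there is no offs in xlookup, so the entry should say idx. The code change itself reads cleanly: with idx scoped to the XT_NORMAL loop, bsearch always covers the whole table.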
56
0176-strauss-tips-whitespace-and-phrasing-cleanups.patch
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
From e604d7bfd18cf5f29e6723091cc1db2945c918c9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||||
|
Date: Tue, 28 Jun 2022 16:46:53 +0200
|
||||||
|
Subject: [PATCH] strauss: tips whitespace and phrasing cleanups
|
||||||
|
|
||||||
|
* src/strauss.c (tips_tricks_tweaks): Fix some whitespace and phrasing
|
||||||
|
issues.
|
||||||
|
---
|
||||||
|
src/strauss.c | 13 +++++++------
|
||||||
|
1 file changed, 7 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
Index: strace-5.18/src/strauss.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/src/strauss.c 2022-07-12 17:17:08.712197019 +0200
|
||||||
|
+++ strace-5.18/src/strauss.c 2022-07-12 17:17:20.685055717 +0200
|
||||||
|
@@ -128,8 +128,8 @@
|
||||||
|
{ "strace is about as old as the Linux kernel.",
|
||||||
|
"It has been originally written for SunOS",
|
||||||
|
"by Paul Kranenburg in 1991. The support",
|
||||||
|
- "for all OSes except Linux has been dropped",
|
||||||
|
- "since 2012, though, in strace 4.7." },
|
||||||
|
+ "for all OSes except Linux was dropped"
|
||||||
|
+ "in 2012, though, in strace 4.7." },
|
||||||
|
{ "strace is able to decode netlink messages.",
|
||||||
|
"It does so automatically for I/O performed",
|
||||||
|
"on netlink sockets. Try it yourself:", "",
|
||||||
|
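Review bot: the first added line of the SunOS tip, `"for all OSes except Linux was dropped"`, has lost its trailing comma, so the compiler concatenates it with the next literal into a single array element reading "...was droppedin 2012, though, in strace 4.7." with no space. The tip then has one line fewer and that line is wider than the others. Put the comma back after the first literal, as the removed lines had it.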
@@ -187,7 +187,7 @@
|
||||||
|
"want to try --seccomp-bpf option, maybe you",
|
||||||
|
"will feel better." },
|
||||||
|
{ "-v is a shorthand for -e abbrev=none and not",
|
||||||
|
- " for -e verbose=all. It is idiosyncratic,",
|
||||||
|
+ "for -e verbose=all. It is idiosyncratic,",
|
||||||
|
"but it is the historic behaviour." },
|
||||||
|
{ "strace uses netlink for printing",
|
||||||
|
"protocol-specific information about socket",
|
||||||
|
@@ -254,7 +254,7 @@
|
||||||
|
"by invoking it with the following options:", "",
|
||||||
|
" strace -DDDqqq -enone --signal=none" },
|
||||||
|
{ "Historically, supplying -o option to strace",
|
||||||
|
- "led to silencing of messages about tracee",
|
||||||
|
+ "leads to silencing of messages about tracee",
|
||||||
|
"attach/detach and personality changes.",
|
||||||
|
"It can be now overridden with --quiet=none",
|
||||||
|
"option." },
|
||||||
|
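Review bot: changing "led" to "leads" in the -o tip leaves "Historically, supplying -o option to strace leads to silencing...", which mixes a past-tense framing with a present-tense verb while the next sentence says the behaviour "can be now overridden". Either keep "led" or drop "Historically" so the sentence describes the current default consistently.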
@@ -285,8 +285,9 @@
|
||||||
|
"will trace all syscalls related to accessing",
|
||||||
|
"and modifying process's user/group IDs",
|
||||||
|
"and capability sets. Other pre-defined",
|
||||||
|
- "syscall classes include %clock, %desc,%file,",
|
||||||
|
- "%ipc,%memory, %net,%process, and %signal." },
|
||||||
|
+ "syscall classes include %clock, %desc,"
|
||||||
|
+ "%file, %ipc, %memory, %net, %process,"
|
||||||
|
+ "and %signal." },
|
||||||
|
{ "Trying to figure out communication between",
|
||||||
|
"tracees inside a different PID namespace",
|
||||||
|
"(in so-called \"containers\", for example)?",
|
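Review bot: the three added lines of the syscall-classes tip have no commas between the string literals, so `"syscall classes include %clock, %desc,"`, `"%file, %ipc, %memory, %net, %process,"` and `"and %signal."` are concatenated into one array element. The result is a single over-long line with the words run together ("%desc,%file" and "%process,and"), which is the spacing problem the patch set out to fix. Add a trailing comma after each of the first two literals and keep the space before the continuation, or check the rendered tip width after the change.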
@ -0,0 +1,48 @@
|
|||||||
|
From 968789d5426442ac43b96eabd65f3e5c0c141e62 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||||
|
Date: Tue, 28 Jun 2022 16:47:56 +0200
|
||||||
|
Subject: [PATCH] strauss: fix off-by-one error in strauss array access
|
||||||
|
|
||||||
|
It has to be limited with strauss_lines - 1, not strauss_lines.
|
||||||
|
Reported by covscan:
|
||||||
|
|
||||||
|
Error: OVERRUN (CWE-119):
|
||||||
|
strace-5.18/src/strauss.c:380: cond_at_least: Checking "4UL + i < 37UL"
|
||||||
|
implies that "i" is at least 33 on the false branch.
|
||||||
|
strace-5.18/src/strauss.c:380: overrun-local: Overrunning array "strauss"
|
||||||
|
of 37 8-byte elements at element index 37 (byte offset 303) using index
|
||||||
|
"(4UL + i < 37UL) ? 4UL + i : 37UL" (which evaluates to 37).
|
||||||
|
|
||||||
|
* src/strauss.c (print_totd): Limit strauss array accesses to
|
||||||
|
strauss_lines - 1 instead of strauss_lines.
|
||||||
|
---
|
||||||
|
src/strauss.c | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/strauss.c b/src/strauss.c
|
||||||
|
index 98af183..b22ab6a 100644
|
||||||
|
--- a/src/strauss.c
|
||||||
|
+++ b/src/strauss.c
|
||||||
|
@@ -373,16 +373,16 @@ print_totd(void)
|
||||||
|
tip_left[MIN(i + 1, ARRAY_SIZE(tip_left) - 1)],
|
||||||
|
w, w, tips_tricks_tweaks[id][i] ?: "",
|
||||||
|
tip_right[MIN(i + 1, ARRAY_SIZE(tip_right) - 1)],
|
||||||
|
- strauss[MIN(3 + i, strauss_lines)]);
|
||||||
|
+ strauss[MIN(3 + i, strauss_lines - 1)]);
|
||||||
|
}
|
||||||
|
fprintf(stderr, "%s%s\n",
|
||||||
|
- tip_bottom, strauss[MIN(3 + i, strauss_lines)]);
|
||||||
|
+ tip_bottom, strauss[MIN(3 + i, strauss_lines - 1)]);
|
||||||
|
do {
|
||||||
|
fprintf(stderr, "%*s%*s%*s%s\n",
|
||||||
|
(int) strlen(tip_left[0]), "",
|
||||||
|
w, "",
|
||||||
|
(int) strlen(tip_right[0]), "",
|
||||||
|
- strauss[MIN(4 + i, strauss_lines)]);
|
||||||
|
+ strauss[MIN(4 + i, strauss_lines - 1)]);
|
||||||
|
} while ((show_tips == TIPS_FULL) && (4 + ++i < strauss_lines));
|
||||||
|
|
||||||
|
printed = true;
|
||||||
|
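Review bot: the clamp `MIN(..., strauss_lines - 1)` is now written out at three call sites in print_totd, and it is only correct while strauss_lines is nonzero, since the covscan trace shows the comparison is done in unsigned arithmetic and `strauss_lines - 1` would wrap for an empty array. Consider a small helper macro for the clamped lookup plus a static assertion that the array is non-empty, so the bound lives in one place and a future edit of one site cannot reintroduce the off-by-one.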
--
|
||||||
|
2.1.4
|
||||||
|
|
62
0178-util-add-offs-sanity-check-to-print_clock_t.patch
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
From 6d3e97e83a7d61cbb2f5109efb4b519383a55712 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||||
|
Date: Tue, 28 Jun 2022 16:55:49 +0200
|
||||||
|
Subject: [PATCH] util: add offs sanity check to print_clock_t
|
||||||
|
|
||||||
|
While it is not strictly needed right now, the code that uses
|
||||||
|
the calculated offs value lacks any checks for possible buf overruns,
|
||||||
|
which is not defensive enough, so let's add them. Reported by covscan:
|
||||||
|
|
||||||
|
Error: OVERRUN (CWE-119):
|
||||||
|
strace-5.18/src/util.c:248: assignment: Assigning:
|
||||||
|
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
|
||||||
|
16 and 31 (inclusive).
|
||||||
|
strace-5.18/src/util.c:249: overrun-local: Overrunning array of 30 bytes
|
||||||
|
at byte offset 31 by dereferencing pointer "buf + offs". [Note: The source
|
||||||
|
code implementation of the function has been overridden by a builtin model.]
|
||||||
|
|
||||||
|
Error: OVERRUN (CWE-119):
|
||||||
|
strace-5.18/src/util.c:248: assignment: Assigning:
|
||||||
|
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
|
||||||
|
16 and 31 (inclusive).
|
||||||
|
strace-5.18/src/util.c:253: overrun-buffer-arg: Overrunning array "buf"
|
||||||
|
of 30 bytes by passing it to a function which accesses it at byte offset
|
||||||
|
32 using argument "offs + 2UL" (which evaluates to 33). [Note: The source
|
||||||
|
code implementation of the function has been overridden by a builtin model.]
|
||||||
|
|
||||||
|
Error: OVERRUN (CWE-119):
|
||||||
|
strace-5.18/src/util.c:248: assignment: Assigning:
|
||||||
|
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
|
||||||
|
16 and 31 (inclusive).
|
||||||
|
strace-5.18/src/util.c:254: overrun-local: Overrunning array "buf"
|
||||||
|
of 30 bytes at byte offset 32 using index "offs + 1UL" (which evaluates
|
||||||
|
to 32).
|
||||||
|
|
||||||
|
* src/util.c (print_clock_t): Add check that offs is small enough
|
||||||
|
for it and "offs + 2" not to overrun buf.
|
||||||
|
---
|
||||||
|
src/util.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/util.c b/src/util.c
|
||||||
|
index 5f87acb..93aa7b3 100644
|
||||||
|
--- a/src/util.c
|
||||||
|
+++ b/src/util.c
|
||||||
|
@@ -246,6 +246,14 @@ print_clock_t(uint64_t val)
|
||||||
|
*/
|
||||||
|
char buf[sizeof(uint64_t) * 3 + sizeof("0.0 s")];
|
||||||
|
size_t offs = ilog10(val / clk_tck);
|
||||||
|
+ /*
|
||||||
|
+ * This check is mostly to appease covscan, which thinks
|
||||||
|
+ * that offs can go as high as 31 (it cannot), but since
|
||||||
|
+ * there is no proper sanity checks against offs overrunning
|
||||||
|
+ * buf down the code, it may as well be here.
|
||||||
|
+ */
|
||||||
|
+ if (offs > (sizeof(buf) - sizeof("0.0 s")))
|
||||||
|
+ return;
|
||||||
|
int ret = snprintf(buf + offs, sizeof(buf) - offs, "%.*f s",
|
||||||
|
frac_width,
|
||||||
|
(double) (val % clk_tck) / clk_tck);
|
||||||
|
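Review bot: when the new check `if (offs > (sizeof(buf) - sizeof("0.0 s")))` fires, print_clock_t returns without emitting anything, so the traced argument would silently disappear from the output. Even if the branch is unreachable today, a fallback that prints the raw value would be a safer defensive default than a bare `return;`. The added comment should also read "there are no proper sanity checks", and it would help to state the bound it enforces, namely that offs and offs + 2 stay inside buf, as the changelog entry does.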
--
|
||||||
|
2.1.4
|
||||||
|
|
882
0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch
Normal file
@ -0,0 +1,882 @@
|
|||||||
|
From 960e78f208b4f6d48962bbc9cad45588cc8c90ad Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
|
||||||
|
Date: Tue, 21 Jun 2022 08:43:00 +0200
|
||||||
|
Subject: [PATCH] secontext: print context of Unix socket's sun_path field
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
|
||||||
|
|
||||||
|
* src/sockaddr.c: Include "secontext.h".
|
||||||
|
(print_sockaddr_data_un): Print the SELinux context of sun_path field
|
||||||
|
using selinux_printfilecon.
|
||||||
|
* NEWS: Mention this change.
|
||||||
|
* tests/secontext.c (raw_secontext_full_fd, get_secontext_field_fd,
|
||||||
|
raw_secontext_short_fd, secontext_full_fd, secontext_short_fd): New
|
||||||
|
functions.
|
||||||
|
* tests/secontext.h (secontext_full_fd, secontext_short_fd,
|
||||||
|
get_secontext_field_fd): New prototypes.
|
||||||
|
(SECONTEXT_FD): New macro.
|
||||||
|
* tests/sockname.c: Include "secontext.h".
|
||||||
|
(test_sockname_syscall): Update expected output.
|
||||||
|
* tests/gen_tests.in (getsockname--secontext,
|
||||||
|
getsockname--secontext_full, getsockname--secontext_full_mismatch,
|
||||||
|
getsockname--secontext_mismatch): New tests.
|
||||||
|
|
||||||
|
Resolves: https://github.com/strace/strace/pull/214
|
||||||
|
---
|
||||||
|
NEWS | 1 +
|
||||||
|
src/sockaddr.c | 3 +++
|
||||||
|
tests/gen_tests.in | 4 ++++
|
||||||
|
tests/secontext.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
tests/secontext.h | 12 ++++++++++++
|
||||||
|
tests/sockname.c | 54 +++++++++++++++++++++++++++++++++++-------------------
|
||||||
|
6 files changed, 104 insertions(+), 19 deletions(-)
|
||||||
|
|
||||||
|
Index: strace-5.18/NEWS
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/NEWS 2022-07-12 18:20:18.495470531 +0200
|
||||||
|
+++ strace-5.18/NEWS 2022-07-12 18:20:44.531163262 +0200
|
||||||
|
@@ -5,6 +5,7 @@
|
||||||
|
* Added an interface of raising des Strausses awareness.
|
||||||
|
* Added --tips option to print strace tips, tricks, and tweaks
|
||||||
|
at the end of the tracing session.
|
||||||
|
+ * Implemented printing of Unix socket sun_path field's SELinux context.
|
||||||
|
* Enhanced decoding of bpf and io_uring_register syscalls.
|
||||||
|
* Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl
|
||||||
|
commands.
|
||||||
|
Index: strace-5.18/src/sockaddr.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/src/sockaddr.c 2022-07-12 18:17:36.745379483 +0200
|
||||||
|
+++ strace-5.18/src/sockaddr.c 2022-07-12 18:20:18.495470531 +0200
|
||||||
|
@@ -63,6 +63,8 @@
|
||||||
|
#include "xlat/mctp_addrs.h"
|
||||||
|
#include "xlat/mctp_nets.h"
|
||||||
|
|
||||||
|
+#include "secontext.h"
|
||||||
|
+
|
||||||
|
#define SIZEOF_SA_FAMILY sizeof_field(struct sockaddr, sa_family)
|
||||||
|
|
||||||
|
struct sockaddr_rxrpc {
|
||||||
|
@@ -115,6 +117,7 @@
|
||||||
|
if (sa_un->sun_path[0]) {
|
||||||
|
print_quoted_string(sa_un->sun_path, path_len + 1,
|
||||||
|
QUOTE_0_TERMINATED);
|
||||||
|
+ selinux_printfilecon(tcp, sa_un->sun_path);
|
||||||
|
} else {
|
||||||
|
tprints("@");
|
||||||
|
print_quoted_string(sa_un->sun_path + 1, path_len - 1, 0);
|
||||||
|
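Review bot: the added `selinux_printfilecon(tcp, sa_un->sun_path);` passes sun_path as a plain C string, while the print_quoted_string call just above it is given an explicit length (`path_len + 1`) and QUOTE_0_TERMINATED. Please confirm that sun_path is guaranteed to be NUL-terminated at this point, and say in a comment how a relative sun_path is resolved, because the path comes from the tracee and the lookup is performed by strace. If either assumption can fail, the context printed next to the path may belong to a different file than the one the tracee bound.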
Index: strace-5.18/tests/gen_tests.in
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests/gen_tests.in 2022-07-12 18:17:36.746379471 +0200
|
||||||
|
+++ strace-5.18/tests/gen_tests.in 2022-07-12 18:20:18.496470519 +0200
|
||||||
|
@@ -225,6 +225,10 @@
|
||||||
|
getsid -a10
|
||||||
|
getsid--pidns-translation test_pidns -e trace=getsid -a10
|
||||||
|
getsockname -a27
|
||||||
|
+getsockname--secontext -a27 --secontext -e trace=getsockname
|
||||||
|
+getsockname--secontext_full -a27 --secontext=full -e trace=getsockname
|
||||||
|
+getsockname--secontext_full_mismatch -a27 --secontext=full,mismatch -e trace=getsockname
|
||||||
|
+getsockname--secontext_mismatch -a27 --secontext=mismatch -e trace=getsockname
|
||||||
|
gettid -a9
|
||||||
|
getuid-creds +getuid.test
|
||||||
|
getuid32 +getuid.test
|
||||||
|
Index: strace-5.18/tests/secontext.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests/secontext.c 2022-07-12 18:17:36.747379459 +0200
|
||||||
|
+++ strace-5.18/tests/secontext.c 2022-07-12 18:20:18.496470519 +0200
|
||||||
|
@@ -141,6 +141,21 @@
|
||||||
|
return full_secontext;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static char *
|
||||||
|
+raw_secontext_full_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ int saved_errno = errno;
|
||||||
|
+ char *full_secontext = NULL;
|
||||||
|
+ char *secontext;
|
||||||
|
+
|
||||||
|
+ if (fgetfilecon(fd, &secontext) >= 0) {
|
||||||
|
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
|
||||||
|
+ freecon(secontext);
|
||||||
|
+ }
|
||||||
|
+ errno = saved_errno;
|
||||||
|
+ return full_secontext;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
char *
|
||||||
|
get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
{
|
||||||
|
@@ -151,6 +166,16 @@
|
||||||
|
return type;
|
||||||
|
}
|
||||||
|
|
||||||
|
+char *
|
||||||
|
+get_secontext_field_fd(int fd, enum secontext_field field)
|
||||||
|
+{
|
||||||
|
+ char *ctx = raw_secontext_full_fd(fd);
|
||||||
|
+ char *type = get_secontext_field(ctx, field);
|
||||||
|
+ free(ctx);
|
||||||
|
+
|
||||||
|
+ return type;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static char *
|
||||||
|
raw_secontext_short_file(const char *filename)
|
||||||
|
{
|
||||||
|
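Review bot: in get_secontext_field_fd, `ctx` is NULL whenever fgetfilecon fails in raw_secontext_full_fd, and it is passed straight to `get_secontext_field(ctx, field)`. Nothing in the visible lines shows that get_secontext_field accepts a NULL context, so either add an early `if (!ctx) return NULL;` or note that the callee handles it, which is the more likely case for a socket FD on a system without labels.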
@@ -158,6 +183,12 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *
|
||||||
|
+raw_secontext_short_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static char *
|
||||||
|
raw_secontext_full_pid(pid_t pid)
|
||||||
|
{
|
||||||
|
int saved_errno = errno;
|
||||||
|
@@ -205,6 +236,15 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
char *
|
||||||
|
+secontext_full_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ int saved_errno = errno;
|
||||||
|
+ char *context = raw_secontext_full_fd(fd);
|
||||||
|
+ errno = saved_errno;
|
||||||
|
+ return FORMAT_SPACE_BEFORE(context);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+char *
|
||||||
|
secontext_full_pid(pid_t pid)
|
||||||
|
{
|
||||||
|
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
|
||||||
|
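Review bot: secontext_full_fd saves and restores errno around `raw_secontext_full_fd(fd)`, but that helper already preserves errno itself (see its `saved_errno` handling in the earlier hunk), so the wrapper's copy is redundant. The same applies to secontext_short_fd further down. Dropping the duplicate keeps the fd variants in line with secontext_full_pid, which calls its raw helper directly.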
@@ -228,6 +268,15 @@
|
||||||
|
errno = saved_errno;
|
||||||
|
return FORMAT_SPACE_BEFORE(context);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+char *
|
||||||
|
+secontext_short_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ int saved_errno = errno;
|
||||||
|
+ char *context = raw_secontext_short_fd(fd);
|
||||||
|
+ errno = saved_errno;
|
||||||
|
+ return FORMAT_SPACE_BEFORE(context);
|
||||||
|
+}
|
||||||
|
|
||||||
|
char *
|
||||||
|
secontext_short_pid(pid_t pid)
|
||||||
|
Index: strace-5.18/tests/secontext.h
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests/secontext.h 2022-07-12 18:17:36.747379459 +0200
|
||||||
|
+++ strace-5.18/tests/secontext.h 2022-07-12 18:20:18.496470519 +0200
|
||||||
|
@@ -9,9 +9,11 @@
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
|
||||||
|
|
||||||
|
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
|
||||||
|
|
||||||
|
@@ -30,6 +32,7 @@
|
||||||
|
*/
|
||||||
|
char *get_secontext_field(const char *full_context, enum secontext_field field);
|
||||||
|
|
||||||
|
+char *get_secontext_field_fd(int fd, enum secontext_field field);
|
||||||
|
char *get_secontext_field_file(const char *file, enum secontext_field field);
|
||||||
|
|
||||||
|
void reset_secontext_file(const char *file);
|
||||||
|
@@ -44,6 +47,7 @@
|
||||||
|
# else
|
||||||
|
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
|
||||||
|
# endif
|
||||||
|
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
|
||||||
|
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
|
||||||
|
|
||||||
|
# else
|
||||||
|
@@ -53,6 +57,7 @@
|
||||||
|
# else
|
||||||
|
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
|
||||||
|
# endif
|
||||||
|
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
|
||||||
|
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
|
||||||
|
|
||||||
|
# endif
|
||||||
|
@@ -65,6 +70,12 @@
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
static inline char *
|
||||||
|
+get_secontext_field_fd(int fd, enum secontext_field field)
|
||||||
|
+{
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline char *
|
||||||
|
get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
{
|
||||||
|
return NULL;
|
||||||
|
@@ -81,6 +92,7 @@
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
+# define SECONTEXT_FD(fd) xstrdup("")
|
||||||
|
# define SECONTEXT_FILE(filename) xstrdup("")
|
||||||
|
# define SECONTEXT_PID(pid) xstrdup("")
|
||||||
|
|
||||||
|
Index: strace-5.18/tests/sockname.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests/sockname.c 2022-07-12 18:17:36.748379448 +0200
|
||||||
|
+++ strace-5.18/tests/sockname.c 2022-07-12 18:20:18.496470519 +0200
|
||||||
|
@@ -18,6 +18,8 @@
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <sys/un.h>
|
||||||
|
|
||||||
|
+#include "secontext.h"
|
||||||
|
+
|
||||||
|
#ifndef TEST_SYSCALL_NAME
|
||||||
|
# error TEST_SYSCALL_NAME must be defined
|
||||||
|
#endif
|
||||||
|
@@ -59,14 +61,19 @@
|
||||||
|
*plen = sizeof(struct sockaddr_un);
|
||||||
|
struct sockaddr_un *addr = tail_alloc(*plen);
|
||||||
|
|
||||||
|
+ char *my_secontext = SECONTEXT_PID_MY();
|
||||||
|
+ char *fd_secontext = SECONTEXT_FD(fd);
|
||||||
|
+
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
|
||||||
|
", [%d => %d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
|
||||||
|
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
memset(addr, 0, sizeof(*addr));
|
||||||
|
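Review bot: `my_secontext` and `fd_secontext` are allocated at the top of test_sockname_syscall (the SECONTEXT_* helpers are ATTRIBUTE_MALLOC and the no-SELinux fallback is `xstrdup("")`), and nothing added by this patch frees them before the function returns. The `SECONTEXT_FILE(addr->sun_path)` calls placed directly in the printf argument lists also allocate a string on every call that can never be freed. For a short-lived test this is harmless at run time, but it will show up in leak checkers and static analysis; store the file context in a local and free all three at the end of the function.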
@@ -75,28 +82,34 @@
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
|
||||||
|
", [%d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
|
||||||
|
(int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, %p, NULL%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
|
||||||
|
- sprintrc(rc));
|
||||||
|
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
|
||||||
|
+ addr, SUFFIX_STR, sprintrc(rc));
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
|
||||||
|
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext,
|
||||||
|
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
|
||||||
|
SUFFIX_STR, sprintrc(rc));
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
|
||||||
|
plen + 1 SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, %p, %p%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
|
||||||
|
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
|
||||||
|
plen + 1, SUFFIX_STR, sprintrc(rc));
|
||||||
|
|
||||||
|
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
|
||||||
|
@@ -108,8 +121,9 @@
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
++addr;
|
||||||
|
@@ -121,17 +135,19 @@
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
|
||||||
|
", [%d => %d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
|
||||||
|
- addr->sun_path, (int) sizeof(struct sockaddr),
|
||||||
|
- (int) *plen, SUFFIX_STR, rc);
|
||||||
|
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
|
||||||
|
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
|
||||||
|
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
|
||||||
|
*plen, SUFFIX_STR, sprintrc(rc));
|
||||||
|
}
|
||||||
|
Index: strace-5.18/tests-m32/secontext.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests-m32/secontext.c 2022-07-12 18:17:36.747379459 +0200
|
||||||
|
+++ strace-5.18/tests-m32/secontext.c 2022-07-12 18:20:18.496470519 +0200
|
||||||
|
@@ -141,6 +141,21 @@
|
||||||
|
return full_secontext;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static char *
|
||||||
|
+raw_secontext_full_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ int saved_errno = errno;
|
||||||
|
+ char *full_secontext = NULL;
|
||||||
|
+ char *secontext;
|
||||||
|
+
|
||||||
|
+ if (fgetfilecon(fd, &secontext) >= 0) {
|
||||||
|
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
|
||||||
|
+ freecon(secontext);
|
||||||
|
+ }
|
||||||
|
+ errno = saved_errno;
|
||||||
|
+ return full_secontext;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
char *
|
||||||
|
get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
{
|
||||||
|
@@ -151,6 +166,16 @@
|
||||||
|
return type;
|
||||||
|
}
|
||||||
|
|
||||||
|
+char *
|
||||||
|
+get_secontext_field_fd(int fd, enum secontext_field field)
|
||||||
|
+{
|
||||||
|
+ char *ctx = raw_secontext_full_fd(fd);
|
||||||
|
+ char *type = get_secontext_field(ctx, field);
|
||||||
|
+ free(ctx);
|
||||||
|
+
|
||||||
|
+ return type;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static char *
|
||||||
|
raw_secontext_short_file(const char *filename)
|
||||||
|
{
|
||||||
|
@@ -158,6 +183,12 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *
|
||||||
|
+raw_secontext_short_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static char *
|
||||||
|
raw_secontext_full_pid(pid_t pid)
|
||||||
|
{
|
||||||
|
int saved_errno = errno;
|
||||||
|
@@ -205,6 +236,15 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
char *
|
||||||
|
+secontext_full_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ int saved_errno = errno;
|
||||||
|
+ char *context = raw_secontext_full_fd(fd);
|
||||||
|
+ errno = saved_errno;
|
||||||
|
+ return FORMAT_SPACE_BEFORE(context);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+char *
|
||||||
|
secontext_full_pid(pid_t pid)
|
||||||
|
{
|
||||||
|
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
|
||||||
|
@@ -228,6 +268,15 @@
|
||||||
|
errno = saved_errno;
|
||||||
|
return FORMAT_SPACE_BEFORE(context);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+char *
|
||||||
|
+secontext_short_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ int saved_errno = errno;
|
||||||
|
+ char *context = raw_secontext_short_fd(fd);
|
||||||
|
+ errno = saved_errno;
|
||||||
|
+ return FORMAT_SPACE_BEFORE(context);
|
||||||
|
+}
|
||||||
|
|
||||||
|
char *
|
||||||
|
secontext_short_pid(pid_t pid)
|
||||||
|
Index: strace-5.18/tests-m32/secontext.h
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests-m32/secontext.h 2022-07-12 18:17:36.747379459 +0200
|
||||||
|
+++ strace-5.18/tests-m32/secontext.h 2022-07-12 18:20:18.496470519 +0200
|
||||||
|
@@ -9,9 +9,11 @@
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
|
||||||
|
|
||||||
|
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
|
||||||
|
|
||||||
|
@@ -30,6 +32,7 @@
|
||||||
|
*/
|
||||||
|
char *get_secontext_field(const char *full_context, enum secontext_field field);
|
||||||
|
|
||||||
|
+char *get_secontext_field_fd(int fd, enum secontext_field field);
|
||||||
|
char *get_secontext_field_file(const char *file, enum secontext_field field);
|
||||||
|
|
||||||
|
void reset_secontext_file(const char *file);
|
||||||
|
@@ -44,6 +47,7 @@
|
||||||
|
# else
|
||||||
|
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
|
||||||
|
# endif
|
||||||
|
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
|
||||||
|
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
|
||||||
|
|
||||||
|
# else
|
||||||
|
@@ -53,6 +57,7 @@
|
||||||
|
# else
|
||||||
|
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
|
||||||
|
# endif
|
||||||
|
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
|
||||||
|
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
|
||||||
|
|
||||||
|
# endif
|
||||||
|
@@ -65,6 +70,12 @@
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
static inline char *
|
||||||
|
+get_secontext_field_fd(int fd, enum secontext_field field)
|
||||||
|
+{
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline char *
|
||||||
|
get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
{
|
||||||
|
return NULL;
|
||||||
|
@@ -81,6 +92,7 @@
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
+# define SECONTEXT_FD(fd) xstrdup("")
|
||||||
|
# define SECONTEXT_FILE(filename) xstrdup("")
|
||||||
|
# define SECONTEXT_PID(pid) xstrdup("")
|
||||||
|
|
||||||
|
Index: strace-5.18/tests-m32/sockname.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests-m32/sockname.c 2022-07-12 18:17:36.748379448 +0200
|
||||||
|
+++ strace-5.18/tests-m32/sockname.c 2022-07-12 18:20:18.496470519 +0200
|
||||||
|
@@ -18,6 +18,8 @@
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <sys/un.h>
|
||||||
|
|
||||||
|
+#include "secontext.h"
|
||||||
|
+
|
||||||
|
#ifndef TEST_SYSCALL_NAME
|
||||||
|
# error TEST_SYSCALL_NAME must be defined
|
||||||
|
#endif
|
||||||
|
@@ -59,14 +61,19 @@
|
||||||
|
*plen = sizeof(struct sockaddr_un);
|
||||||
|
struct sockaddr_un *addr = tail_alloc(*plen);
|
||||||
|
|
||||||
|
+ char *my_secontext = SECONTEXT_PID_MY();
|
||||||
|
+ char *fd_secontext = SECONTEXT_FD(fd);
|
||||||
|
+
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
|
||||||
|
", [%d => %d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
|
||||||
|
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
memset(addr, 0, sizeof(*addr));
|
||||||
|
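Review bot: SECONTEXT_FILE(addr->sun_path) is evaluated inside the printf argument list, so the string it returns is never freed. secontext.h declares the secontext_*_file helpers ATTRIBUTE_MALLOC and the fallback macro is xstrdup(""), so each of these calls allocates. Store the result in a local next to my_secontext and fd_secontext and release it after the printf, as a named pointer also makes it possible to reuse the value for the second getsockname/getpeername check on the same path.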
@@ -75,28 +82,34 @@
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
|
||||||
|
", [%d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
|
||||||
|
(int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, %p, NULL%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
|
||||||
|
- sprintrc(rc));
|
||||||
|
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
|
||||||
|
+ addr, SUFFIX_STR, sprintrc(rc));
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
|
||||||
|
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext,
|
||||||
|
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
|
||||||
|
SUFFIX_STR, sprintrc(rc));
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
|
||||||
|
plen + 1 SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, %p, %p%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
|
||||||
|
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
|
||||||
|
plen + 1, SUFFIX_STR, sprintrc(rc));
|
||||||
|
|
||||||
|
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
|
||||||
|
@@ -108,8 +121,9 @@
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
++addr;
|
||||||
|
@@ -121,17 +135,19 @@
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
|
||||||
|
", [%d => %d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
|
||||||
|
- addr->sun_path, (int) sizeof(struct sockaddr),
|
||||||
|
- (int) *plen, SUFFIX_STR, rc);
|
||||||
|
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
|
||||||
|
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
|
||||||
|
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
|
||||||
|
*plen, SUFFIX_STR, sprintrc(rc));
|
||||||
|
}
|
||||||
|
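Review bot: in the first printf of this hunk, addr->sun_path is printed with a bounded "%.*s" (precision sizeof(struct sockaddr) - offsetof_sun_path), but the new SECONTEXT_FILE(addr->sun_path) argument passes the same pointer as an ordinary NUL-terminated const char *. If the truncated address is not terminated inside that bound, the context lookup reads past the bytes the kernel wrote, and if the name was cut short it queries a different path than the socket's. Copy the bounded bytes into a terminated buffer before calling SECONTEXT_FILE, or state in a comment why the buffer is guaranteed to be terminated here.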
Index: strace-5.18/tests-mx32/secontext.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests-mx32/secontext.c 2022-07-12 18:17:36.747379459 +0200
|
||||||
|
+++ strace-5.18/tests-mx32/secontext.c 2022-07-12 18:20:18.496470519 +0200
|
||||||
|
@@ -141,6 +141,21 @@
|
||||||
|
return full_secontext;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static char *
|
||||||
|
+raw_secontext_full_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ int saved_errno = errno;
|
||||||
|
+ char *full_secontext = NULL;
|
||||||
|
+ char *secontext;
|
||||||
|
+
|
||||||
|
+ if (fgetfilecon(fd, &secontext) >= 0) {
|
||||||
|
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
|
||||||
|
+ freecon(secontext);
|
||||||
|
+ }
|
||||||
|
+ errno = saved_errno;
|
||||||
|
+ return full_secontext;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
char *
|
||||||
|
get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
{
|
||||||
|
@@ -151,6 +166,16 @@
|
||||||
|
return type;
|
||||||
|
}
|
||||||
|
|
||||||
|
+char *
|
||||||
|
+get_secontext_field_fd(int fd, enum secontext_field field)
|
||||||
|
+{
|
||||||
|
+ char *ctx = raw_secontext_full_fd(fd);
|
||||||
|
+ char *type = get_secontext_field(ctx, field);
|
||||||
|
+ free(ctx);
|
||||||
|
+
|
||||||
|
+ return type;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static char *
|
||||||
|
raw_secontext_short_file(const char *filename)
|
||||||
|
{
|
||||||
|
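Review bot: in get_secontext_field_fd, ctx can be NULL, because raw_secontext_full_fd returns NULL when fgetfilecon() fails, and it is passed straight to get_secontext_field(). The lines shown do not establish that get_secontext_field accepts a NULL full_context, so either return NULL early when ctx is NULL or note next to the prototype in secontext.h that NULL is a valid input.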
@@ -158,6 +183,12 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *
|
||||||
|
+raw_secontext_short_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static char *
|
||||||
|
raw_secontext_full_pid(pid_t pid)
|
||||||
|
{
|
||||||
|
int saved_errno = errno;
|
||||||
|
@@ -205,6 +236,15 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
char *
|
||||||
|
+secontext_full_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ int saved_errno = errno;
|
||||||
|
+ char *context = raw_secontext_full_fd(fd);
|
||||||
|
+ errno = saved_errno;
|
||||||
|
+ return FORMAT_SPACE_BEFORE(context);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+char *
|
||||||
|
secontext_full_pid(pid_t pid)
|
||||||
|
{
|
||||||
|
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
|
||||||
|
@@ -228,6 +268,15 @@
|
||||||
|
errno = saved_errno;
|
||||||
|
return FORMAT_SPACE_BEFORE(context);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+char *
|
||||||
|
+secontext_short_fd(int fd)
|
||||||
|
+{
|
||||||
|
+ int saved_errno = errno;
|
||||||
|
+ char *context = raw_secontext_short_fd(fd);
|
||||||
|
+ errno = saved_errno;
|
||||||
|
+ return FORMAT_SPACE_BEFORE(context);
|
||||||
|
+}
|
||||||
|
|
||||||
|
char *
|
||||||
|
secontext_short_pid(pid_t pid)
|
||||||
|
Index: strace-5.18/tests-mx32/secontext.h
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests-mx32/secontext.h 2022-07-12 18:17:36.747379459 +0200
|
||||||
|
+++ strace-5.18/tests-mx32/secontext.h 2022-07-12 18:20:18.496470519 +0200
|
||||||
|
@@ -9,9 +9,11 @@
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
|
||||||
|
|
||||||
|
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
|
||||||
|
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
|
||||||
|
|
||||||
|
@@ -30,6 +32,7 @@
|
||||||
|
*/
|
||||||
|
char *get_secontext_field(const char *full_context, enum secontext_field field);
|
||||||
|
|
||||||
|
+char *get_secontext_field_fd(int fd, enum secontext_field field);
|
||||||
|
char *get_secontext_field_file(const char *file, enum secontext_field field);
|
||||||
|
|
||||||
|
void reset_secontext_file(const char *file);
|
||||||
|
@@ -44,6 +47,7 @@
|
||||||
|
# else
|
||||||
|
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
|
||||||
|
# endif
|
||||||
|
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
|
||||||
|
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
|
||||||
|
|
||||||
|
# else
|
||||||
|
@@ -53,6 +57,7 @@
|
||||||
|
# else
|
||||||
|
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
|
||||||
|
# endif
|
||||||
|
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
|
||||||
|
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
|
||||||
|
|
||||||
|
# endif
|
||||||
|
@@ -65,6 +70,12 @@
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
static inline char *
|
||||||
|
+get_secontext_field_fd(int fd, enum secontext_field field)
|
||||||
|
+{
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline char *
|
||||||
|
get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
{
|
||||||
|
return NULL;
|
||||||
|
@@ -81,6 +92,7 @@
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
+# define SECONTEXT_FD(fd) xstrdup("")
|
||||||
|
# define SECONTEXT_FILE(filename) xstrdup("")
|
||||||
|
# define SECONTEXT_PID(pid) xstrdup("")
|
||||||
|
|
||||||
|
Index: strace-5.18/tests-mx32/sockname.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests-mx32/sockname.c 2022-07-12 18:17:36.748379448 +0200
|
||||||
|
+++ strace-5.18/tests-mx32/sockname.c 2022-07-12 18:20:18.496470519 +0200
|
||||||
|
@@ -18,6 +18,8 @@
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <sys/un.h>
|
||||||
|
|
||||||
|
+#include "secontext.h"
|
||||||
|
+
|
||||||
|
#ifndef TEST_SYSCALL_NAME
|
||||||
|
# error TEST_SYSCALL_NAME must be defined
|
||||||
|
#endif
|
||||||
|
@@ -59,14 +61,19 @@
|
||||||
|
*plen = sizeof(struct sockaddr_un);
|
||||||
|
struct sockaddr_un *addr = tail_alloc(*plen);
|
||||||
|
|
||||||
|
+ char *my_secontext = SECONTEXT_PID_MY();
|
||||||
|
+ char *fd_secontext = SECONTEXT_FD(fd);
|
||||||
|
+
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
|
||||||
|
", [%d => %d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
|
||||||
|
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
memset(addr, 0, sizeof(*addr));
|
||||||
|
@@ -75,28 +82,34 @@
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
|
||||||
|
", [%d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
|
||||||
|
(int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, %p, NULL%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
|
||||||
|
- sprintrc(rc));
|
||||||
|
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
|
||||||
|
+ addr, SUFFIX_STR, sprintrc(rc));
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
|
||||||
|
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext,
|
||||||
|
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
|
||||||
|
SUFFIX_STR, sprintrc(rc));
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
|
||||||
|
plen + 1 SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, %p, %p%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
|
||||||
|
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
|
||||||
|
plen + 1, SUFFIX_STR, sprintrc(rc));
|
||||||
|
|
||||||
|
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
|
||||||
|
@@ -108,8 +121,9 @@
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
++addr;
|
||||||
|
@@ -121,17 +135,19 @@
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
if (rc < 0)
|
||||||
|
perror_msg_and_skip(TEST_SYSCALL_STR);
|
||||||
|
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
|
||||||
|
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
|
||||||
|
", [%d => %d]%s) = %d\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
|
||||||
|
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
|
||||||
|
- addr->sun_path, (int) sizeof(struct sockaddr),
|
||||||
|
- (int) *plen, SUFFIX_STR, rc);
|
||||||
|
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
|
||||||
|
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
|
||||||
|
|
||||||
|
PREPARE_TEST_SYSCALL_INVOCATION;
|
||||||
|
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
|
||||||
|
plen SUFFIX_ARGS);
|
||||||
|
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
|
||||||
|
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
|
||||||
|
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
|
||||||
|
+ my_secontext,
|
||||||
|
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
|
||||||
|
*plen, SUFFIX_STR, sprintrc(rc));
|
||||||
|
}
|
374
0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch
Normal file
@ -0,0 +1,374 @@
|
|||||||
|
From 676979fa9cc7920e5e4d547814f9c0edb597fa0d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||||
|
Date: Thu, 30 Jun 2022 16:01:05 +0200
|
||||||
|
Subject: [PATCH] pathtrace, util: do not print " (deleted)" as part of the
|
||||||
|
path
|
||||||
|
|
||||||
|
In order to allow to discern the unlinked paths from the paths that
|
||||||
|
do indeed end with " (deleted)".
|
||||||
|
|
||||||
|
* src/defs.h (getfdpath_pid): Add deleted parameter.
|
||||||
|
(getfdpath): Pass NULL as deleted parameter to getfdpath_pid.
|
||||||
|
* src/largefile_wrappers.h (lstat_file): New macro.
|
||||||
|
* src/pathtrace.c: Include <sys/stat.h>, <sys/types.h>, <unistd.h>,
|
||||||
|
and "largefile_wrappers.h".
|
||||||
|
(getfdpath_pid): Add deleted parameter, check if path ends with
|
||||||
|
" (deleted)", and if it is, try to figure out if it is a part
|
||||||
|
of the path by comparing device/inode numbers of the file procfs
|
||||||
|
link resolves into and the file pointed by the path read; strip
|
||||||
|
" (deleted)"; set deleted (if it is non-NULL) to true if the fd
|
||||||
|
is turned out to be deleted and to false otherwise.
|
||||||
|
* src/util.c (print_quoted_string_in_angle_brackets): Add deleted
|
||||||
|
parameter, print "(deleted)" after the closing angle bracket if it is
|
||||||
|
non-NULL.
|
||||||
|
(printfd_pid): Add deleted local variable, pass it to getfdpath_pid
|
||||||
|
and print_quoted_string_in_angle_brackets calls.
|
||||||
|
* tests/fchmod.c: Add checks for a file with " (deleted)" in the path,
|
||||||
|
update expected output.
|
||||||
|
* NEWS: Mention the change.
|
||||||
|
---
|
||||||
|
NEWS | 5 +++++
|
||||||
|
src/defs.h | 5 +++--
|
||||||
|
src/largefile_wrappers.h | 2 ++
|
||||||
|
src/pathtrace.c | 48 +++++++++++++++++++++++++++++++++++++++++++++---
|
||||||
|
src/util.c | 10 +++++++---
|
||||||
|
tests/fchmod.c | 47 +++++++++++++++++++++++++++++++++++++++++++----
|
||||||
|
6 files changed, 105 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
Index: strace-5.18/NEWS
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/NEWS 2022-07-13 12:52:48.219784860 +0200
|
||||||
|
+++ strace-5.18/NEWS 2022-07-13 12:52:48.451782122 +0200
|
||||||
|
@@ -1,6 +1,11 @@
|
||||||
|
Noteworthy changes in release 5.18 (2022-06-18)
|
||||||
|
===============================================
|
||||||
|
|
||||||
|
+* Changes in behaviour
|
||||||
|
+ * The "(deleted)" marker for unlinked paths of file descriptors is now printed
|
||||||
|
+ outside angle brackets; the matching of unlinked paths of file descriptors
|
||||||
|
+ no longer includes the " (deleted)" part into consideration.
|
||||||
|
+
|
||||||
|
* Improvements
|
||||||
|
* Added an interface of raising des Strausses awareness.
|
||||||
|
* Added --tips option to print strace tips, tricks, and tweaks
|
||||||
|
Index: strace-5.18/src/defs.h
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/src/defs.h 2022-07-13 12:52:29.405006910 +0200
|
||||||
|
+++ strace-5.18/src/defs.h 2022-07-13 12:52:54.532710356 +0200
|
||||||
|
@@ -785,12 +785,13 @@
|
||||||
|
return pathtrace_match_set(tcp, &global_path_set);
|
||||||
|
}
|
||||||
|
|
||||||
|
-extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize);
|
||||||
|
+extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize,
|
||||||
|
+ bool *deleted);
|
||||||
|
|
||||||
|
static inline int
|
||||||
|
getfdpath(struct tcb *tcp, int fd, char *buf, unsigned bufsize)
|
||||||
|
{
|
||||||
|
- return getfdpath_pid(tcp->pid, fd, buf, bufsize);
|
||||||
|
+ return getfdpath_pid(tcp->pid, fd, buf, bufsize, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
extern unsigned long getfdinode(struct tcb *, int);
|
||||||
|
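Review bot: the new deleted parameter of getfdpath_pid is undocumented at the prototype. From the pathtrace.c change it may be NULL and is written only after readlink succeeds, so on a negative return the caller's bool is left untouched; a short comment here saying so would keep future callers from reading it after a failure. It is also worth stating that getfdpath() passes NULL on purpose, since path matching now sees the name with " (deleted)" stripped and has no way to tell the two cases apart.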
Index: strace-5.18/src/largefile_wrappers.h
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/src/largefile_wrappers.h 2022-07-13 12:52:29.405006910 +0200
|
||||||
|
+++ strace-5.18/src/largefile_wrappers.h 2022-07-13 12:52:48.451782122 +0200
|
||||||
|
@@ -31,6 +31,7 @@
|
||||||
|
# endif
|
||||||
|
# define fstat_fd fstat64
|
||||||
|
# define strace_stat_t struct stat64
|
||||||
|
+# define lstat_file lstat64
|
||||||
|
# define stat_file stat64
|
||||||
|
# define struct_dirent struct dirent64
|
||||||
|
# define read_dir readdir64
|
||||||
|
@@ -42,6 +43,7 @@
|
||||||
|
# define fcntl_fd fcntl
|
||||||
|
# define fstat_fd fstat
|
||||||
|
# define strace_stat_t struct stat
|
||||||
|
+# define lstat_file lstat
|
||||||
|
# define stat_file stat
|
||||||
|
# define struct_dirent struct dirent
|
||||||
|
# define read_dir readdir
|
||||||
|
Index: strace-5.18/src/pathtrace.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/src/pathtrace.c 2022-07-13 12:52:29.405006910 +0200
|
||||||
|
+++ strace-5.18/src/pathtrace.c 2022-07-13 12:52:54.532710356 +0200
|
||||||
|
@@ -10,7 +10,11 @@
|
||||||
|
#include "defs.h"
|
||||||
|
#include <limits.h>
|
||||||
|
#include <poll.h>
|
||||||
|
+#include <sys/stat.h>
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
|
||||||
|
+#include "largefile_wrappers.h"
|
||||||
|
#include "number_set.h"
|
||||||
|
#include "sen.h"
|
||||||
|
#include "xstring.h"
|
||||||
|
@@ -77,7 +81,7 @@
|
||||||
|
* Get path associated with fd of a process with pid.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize)
|
||||||
|
+getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
|
||||||
|
{
|
||||||
|
char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];
|
||||||
|
ssize_t n;
|
||||||
|
@@ -91,12 +95,50 @@
|
||||||
|
|
||||||
|
xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);
|
||||||
|
n = readlink(linkpath, buf, bufsize - 1);
|
||||||
|
+ if (n < 0)
|
||||||
|
+ goto end;
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* NB: if buf is too small, readlink doesn't fail,
|
||||||
|
* it returns truncated result (IOW: n == bufsize - 1).
|
||||||
|
*/
|
||||||
|
- if (n >= 0)
|
||||||
|
- buf[n] = '\0';
|
||||||
|
+ buf[n] = '\0';
|
||||||
|
+ if (deleted)
|
||||||
|
+ *deleted = false;
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Try to figure out if the kernel has appended " (deleted)"
|
||||||
|
+ * to the end of a potentially unlinked path and set deleted
|
||||||
|
+ * if it is the case.
|
||||||
|
+ */
|
||||||
|
+ static const char del_sfx[] = " (deleted)";
|
||||||
|
+ if ((size_t) n <= sizeof(del_sfx))
|
||||||
|
+ goto end;
|
||||||
|
+
|
||||||
|
+ char *del = buf + n + 1 - sizeof(del_sfx);
|
||||||
|
+
|
||||||
|
+ if (memcmp(del, del_sfx, sizeof(del_sfx)))
|
||||||
|
+ goto end;
|
||||||
|
+
|
||||||
|
+ strace_stat_t st_link;
|
||||||
|
+ strace_stat_t st_path;
|
||||||
|
+ int rc = stat_file(linkpath, &st_link);
|
||||||
|
+
|
||||||
|
+ if (rc)
|
||||||
|
+ goto end;
|
||||||
|
+
|
||||||
|
+ rc = lstat_file(buf, &st_path);
|
||||||
|
+
|
||||||
|
+ if (rc ||
|
||||||
|
+ (st_link.st_ino != st_path.st_ino) ||
|
||||||
|
+ (st_link.st_dev != st_path.st_dev)) {
|
||||||
|
+ *del = '\0';
|
||||||
|
+ n = del - buf + 1;
|
||||||
|
+ if (deleted)
|
||||||
|
+ *deleted = true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+end:
|
||||||
|
return n;
|
||||||
|
}
|
||||||
|
|
||||||
|
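Review bot: in the stripping branch at the end of getfdpath_pid, n = del - buf + 1 returns one more than the length of the string left in buf, while the unstripped path returns readlink's count, which excludes the terminator. *del = '\0' ends the string at offset del - buf, so n = del - buf would keep the return value equal to strlen(buf) for any caller that uses it as a length. Separately, lstat_file(buf, &st_path) resolves the tracee's path text in strace's own root and mount namespace, so for a tracee in a chroot or another mount namespace a file whose name really ends in " (deleted)" can fail the lookup and be reported as unlinked; a comment stating that limitation would help readers of the output.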
Index: strace-5.18/src/util.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/src/util.c 2022-07-13 12:52:47.989787575 +0200
|
||||||
|
+++ strace-5.18/src/util.c 2022-07-13 12:52:48.452782111 +0200
|
||||||
|
@@ -735,12 +735,15 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
-print_quoted_string_in_angle_brackets(const char *str)
|
||||||
|
+print_quoted_string_in_angle_brackets(const char *str, const bool deleted)
|
||||||
|
{
|
||||||
|
tprints("<");
|
||||||
|
print_quoted_string_ex(str, strlen(str),
|
||||||
|
QUOTE_OMIT_LEADING_TRAILING_QUOTES, "<>");
|
||||||
|
tprints(">");
|
||||||
|
+
|
||||||
|
+ if (deleted)
|
||||||
|
+ tprints("(deleted)");
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
@@ -749,8 +752,9 @@
|
||||||
|
PRINT_VAL_D(fd);
|
||||||
|
|
||||||
|
char path[PATH_MAX + 1];
|
||||||
|
+ bool deleted;
|
||||||
|
if (pid > 0 && !number_set_array_is_empty(decode_fd_set, 0)
|
||||||
|
- && getfdpath_pid(pid, fd, path, sizeof(path)) >= 0) {
|
||||||
|
+ && getfdpath_pid(pid, fd, path, sizeof(path), &deleted) >= 0) {
|
||||||
|
if (is_number_in_set(DECODE_FD_SOCKET, decode_fd_set) &&
|
||||||
|
printsocket(tcp, fd, path))
|
||||||
|
goto printed;
|
||||||
|
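Review bot: bool deleted in printfd_pid is declared without an initializer and is assigned only inside getfdpath_pid after readlink succeeds. The single read shown in this patch sits behind the >= 0 check, so it is safe today, but that depends on every future use staying inside that branch. Declaring it as bool deleted = false; removes the dependency at no cost.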
@@ -761,7 +765,7 @@
|
||||||
|
printpidfd(pid, fd, path))
|
||||||
|
goto printed;
|
||||||
|
if (is_number_in_set(DECODE_FD_PATH, decode_fd_set))
|
||||||
|
- print_quoted_string_in_angle_brackets(path);
|
||||||
|
+ print_quoted_string_in_angle_brackets(path, deleted);
|
||||||
|
printed: ;
|
||||||
|
}
|
||||||
|
|
||||||
|
Index: strace-5.18/tests/fchmod.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests/fchmod.c 2022-07-13 12:52:29.405006910 +0200
|
||||||
|
+++ strace-5.18/tests/fchmod.c 2022-07-13 12:52:48.452782111 +0200
|
||||||
|
@@ -35,10 +35,17 @@
|
||||||
|
(void) unlink(sample);
|
||||||
|
int fd = open(sample, O_CREAT|O_RDONLY, 0400);
|
||||||
|
if (fd == -1)
|
||||||
|
- perror_msg_and_fail("open");
|
||||||
|
+ perror_msg_and_fail("open(\"%s\")", sample);
|
||||||
|
+
|
||||||
|
+ static const char sample_del[] = "fchmod_sample_file (deleted)";
|
||||||
|
+ (void) unlink(sample_del);
|
||||||
|
+ int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400);
|
||||||
|
+ if (fd_del == -1)
|
||||||
|
+ perror_msg_and_fail("open(\"%s\")", sample);
|
||||||
|
|
||||||
|
# ifdef YFLAG
|
||||||
|
char *sample_realpath = get_fd_path(fd);
|
||||||
|
+ char *sample_del_realpath = get_fd_path(fd_del);
|
||||||
|
# endif
|
||||||
|
|
||||||
|
const char *sample_secontext = SECONTEXT_FILE(sample);
|
||||||
|
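Review bot: the error path for the second open() reports the wrong file. After int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400); the failure branch calls perror_msg_and_fail("open(\"%s\")", sample); and should pass sample_del, otherwise a failure to create "fchmod_sample_file (deleted)" is reported against the other sample file. The same line appears in the tests-m32 copy of this hunk.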
@@ -56,12 +63,27 @@
|
||||||
|
sample_secontext,
|
||||||
|
sprintrc(rc));
|
||||||
|
|
||||||
|
+ const char *sample_del_secontext = SECONTEXT_FILE(sample_del);
|
||||||
|
+ rc = syscall(__NR_fchmod, fd_del, 0600);
|
||||||
|
+# ifdef YFLAG
|
||||||
|
+ printf("%s%s(%d<%s>%s, 0600) = %s\n",
|
||||||
|
+# else
|
||||||
|
+ printf("%s%s(%d%s, 0600) = %s\n",
|
||||||
|
+# endif
|
||||||
|
+ my_secontext, "fchmod",
|
||||||
|
+ fd_del,
|
||||||
|
+# ifdef YFLAG
|
||||||
|
+ sample_del_realpath,
|
||||||
|
+# endif
|
||||||
|
+ sample_del_secontext,
|
||||||
|
+ sprintrc(rc));
|
||||||
|
+
|
||||||
|
if (unlink(sample))
|
||||||
|
- perror_msg_and_fail("unlink");
|
||||||
|
+ perror_msg_and_fail("unlink(\"%s\")", sample);
|
||||||
|
|
||||||
|
rc = syscall(__NR_fchmod, fd, 051);
|
||||||
|
# ifdef YFLAG
|
||||||
|
- printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n",
|
||||||
|
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
|
||||||
|
# else
|
||||||
|
printf("%s%s(%d%s, 051) = %s\n",
|
||||||
|
# endif
|
||||||
|
@@ -73,9 +95,26 @@
|
||||||
|
sample_secontext,
|
||||||
|
sprintrc(rc));
|
||||||
|
|
||||||
|
+ if (unlink(sample_del))
|
||||||
|
+ perror_msg_and_fail("unlink(\"%s\")", sample_del);
|
||||||
|
+
|
||||||
|
+ rc = syscall(__NR_fchmod, fd_del, 051);
|
||||||
|
+# ifdef YFLAG
|
||||||
|
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
|
||||||
|
+# else
|
||||||
|
+ printf("%s%s(%d%s, 051) = %s\n",
|
||||||
|
+# endif
|
||||||
|
+ my_secontext, "fchmod",
|
||||||
|
+ fd_del,
|
||||||
|
+# ifdef YFLAG
|
||||||
|
+ sample_del_realpath,
|
||||||
|
+# endif
|
||||||
|
+ sample_del_secontext,
|
||||||
|
+ sprintrc(rc));
|
||||||
|
+
|
||||||
|
rc = syscall(__NR_fchmod, fd, 004);
|
||||||
|
# ifdef YFLAG
|
||||||
|
- printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n",
|
||||||
|
+ printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n",
|
||||||
|
# else
|
||||||
|
printf("%s%s(%d%s, 004) = %s\n",
|
||||||
|
# endif
|
||||||
|
Index: strace-5.18/tests-m32/fchmod.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/tests-m32/fchmod.c 2022-07-13 12:52:29.405006910 +0200
|
||||||
|
+++ strace-5.18/tests-m32/fchmod.c 2022-07-13 12:52:48.452782111 +0200
|
||||||
|
@@ -35,10 +35,17 @@
|
||||||
|
(void) unlink(sample);
|
||||||
|
int fd = open(sample, O_CREAT|O_RDONLY, 0400);
|
||||||
|
if (fd == -1)
|
||||||
|
- perror_msg_and_fail("open");
|
||||||
|
+ perror_msg_and_fail("open(\"%s\")", sample);
|
||||||
|
+
|
||||||
|
+ static const char sample_del[] = "fchmod_sample_file (deleted)";
|
||||||
|
+ (void) unlink(sample_del);
|
||||||
|
+ int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400);
|
||||||
|
+ if (fd_del == -1)
|
||||||
|
+ perror_msg_and_fail("open(\"%s\")", sample);
|
||||||
|
|
||||||
|
# ifdef YFLAG
|
||||||
|
char *sample_realpath = get_fd_path(fd);
|
||||||
|
+ char *sample_del_realpath = get_fd_path(fd_del);
|
||||||
|
# endif
|
||||||
|
|
||||||
|
const char *sample_secontext = SECONTEXT_FILE(sample);
|
||||||
|
@@ -56,12 +63,27 @@
|
||||||
|
sample_secontext,
|
||||||
|
sprintrc(rc));
|
||||||
|
|
||||||
|
+ const char *sample_del_secontext = SECONTEXT_FILE(sample_del);
|
||||||
|
+ rc = syscall(__NR_fchmod, fd_del, 0600);
|
||||||
|
+# ifdef YFLAG
|
||||||
|
+ printf("%s%s(%d<%s>%s, 0600) = %s\n",
|
||||||
|
+# else
|
||||||
|
+ printf("%s%s(%d%s, 0600) = %s\n",
|
||||||
|
+# endif
|
||||||
|
+ my_secontext, "fchmod",
|
||||||
|
+ fd_del,
|
||||||
|
+# ifdef YFLAG
|
||||||
|
+ sample_del_realpath,
|
||||||
|
+# endif
|
||||||
|
+ sample_del_secontext,
|
||||||
|
+ sprintrc(rc));
|
||||||
|
+
|
||||||
|
if (unlink(sample))
|
||||||
|
- perror_msg_and_fail("unlink");
|
||||||
|
+ perror_msg_and_fail("unlink(\"%s\")", sample);
|
||||||
|
|
||||||
|
rc = syscall(__NR_fchmod, fd, 051);
|
||||||
|
# ifdef YFLAG
|
||||||
|
- printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n",
|
||||||
|
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
|
||||||
|
# else
|
||||||
|
printf("%s%s(%d%s, 051) = %s\n",
|
||||||
|
# endif
|
||||||
|
@@ -73,9 +95,26 @@
|
||||||
|
sample_secontext,
|
||||||
|
sprintrc(rc));
|
||||||
|
|
||||||
|
+ if (unlink(sample_del))
|
||||||
|
+ perror_msg_and_fail("unlink(\"%s\")", sample_del);
|
||||||
|
+
|
||||||
|
+ rc = syscall(__NR_fchmod, fd_del, 051);
|
||||||
|
+# ifdef YFLAG
|
||||||
|
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
|
||||||
|
+# else
|
||||||
|
+ printf("%s%s(%d%s, 051) = %s\n",
|
||||||
|
+# endif
|
||||||
|
+ my_secontext, "fchmod",
|
||||||
|
+ fd_del,
|
||||||
|
+# ifdef YFLAG
|
||||||
|
+ sample_del_realpath,
|
||||||
|
+# endif
|
||||||
|
+ sample_del_secontext,
|
||||||
|
+ sprintrc(rc));
|
||||||
|
+
|
||||||
|
rc = syscall(__NR_fchmod, fd, 004);
|
||||||
|
# ifdef YFLAG
|
||||||
|
- printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n",
|
||||||
|
+ printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n",
|
||||||
|
# else
|
||||||
|
printf("%s%s(%d%s, 004) = %s\n",
|
||||||
|
# endif
|
209
0181-secontext-fix-expected-SELinux-context-check-for-unl.patch
Normal file
@ -0,0 +1,209 @@
|
|||||||
|
From 3f0e5340b651da98251a58cc7923525d69f96032 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||||
|
Date: Fri, 1 Jul 2022 10:45:48 +0200
|
||||||
|
Subject: [PATCH] secontext: fix expected SELinux context check for unlinked
|
||||||
|
FDs
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
selinux_getfdcon open-coded a part of getfdpath_pid since it tries
|
||||||
|
to do the same job, figure out a path associated with an FD, for slightly
|
||||||
|
different purpose: to get the expected SELinux context for it. As the previous
|
||||||
|
commit shows, it's a bit more complicated in cases when the path ends
|
||||||
|
with the " (deleted)" string, which is also used for designated unlinked paths
|
||||||
|
in procfs. Otherwise, it may manifest in test failures such as this:
|
||||||
|
|
||||||
|
[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 0600) = 0
|
||||||
|
-[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 051) = 0
|
||||||
|
-[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 004) = 0
|
||||||
|
+[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 051) = 0
|
||||||
|
+[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 004) = 0
|
||||||
|
+++ exited with 0 +++
|
||||||
|
+ fail_ '../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
|
||||||
|
+ warn_ 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
|
||||||
|
+ printf '%s\n' 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
|
||||||
|
fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch
|
||||||
|
+ exit 1
|
||||||
|
FAIL fchmod-y--secontext_full_mismatch.gen.test (exit status: 1)
|
||||||
|
|
||||||
|
that happens due to the fact that the get_expected_filecontext() call
|
||||||
|
is made against the path with the " (deleted)" part, which is wrong (it
|
||||||
|
is more wrong than shown above when a file with the path that ends with
|
||||||
|
" (deleted)" exists). Moreover, it would be incorrect to call stat()
|
||||||
|
on that path.
|
||||||
|
|
||||||
|
Let's factor out the common part of the code and simply call it
|
||||||
|
from selinux_getfdcon, then use the st_mode from the procfs link.
|
||||||
|
|
||||||
|
* src/defs.h (get_proc_pid_fd_path): New declaration.
|
||||||
|
* src/pathtrace.c (get)proc_pid_fd_path): New function, part
|
||||||
|
of getfdpath_pid that performs link resolution and processing
|
||||||
|
of the result.
|
||||||
|
(getfdpath_pid): Call get_proc_pid_fd_path after PID resolution.
|
||||||
|
* src/secontext.c (get_expected_filecontext): Add mode parameter, use
|
||||||
|
it in selabel_lookup call instead of retrieveing file mode using stat()
|
||||||
|
if it is not -1.
|
||||||
|
(selinux_getfdcon): Call get_proc_pid_fd_path instead
|
||||||
|
of open-coding path resolution code, call stat() on the procfs link
|
||||||
|
and pass the retrieved st_mode to the get_expected_filecontext call.
|
||||||
|
(selinux_getfilecon): Pass -1 as mode in the get_expected_filecontext
|
||||||
|
call.
|
||||||
|
|
||||||
|
Reported-by: Václav Kadlčík <vkadlcik@redhat.com>
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2087693
|
||||||
|
---
|
||||||
|
src/defs.h | 15 +++++++++++++++
|
||||||
|
src/pathtrace.c | 26 ++++++++++++++++++--------
|
||||||
|
src/secontext.c | 35 +++++++++++++++++++++--------------
|
||||||
|
3 files changed, 54 insertions(+), 22 deletions(-)
|
||||||
|
|
||||||
|
Index: strace-5.18/src/defs.h
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/src/defs.h 2022-07-12 18:22:01.563254140 +0200
|
||||||
|
+++ strace-5.18/src/defs.h 2022-07-12 18:22:06.202199392 +0200
|
||||||
|
@@ -785,6 +785,21 @@
|
||||||
|
return pathtrace_match_set(tcp, &global_path_set);
|
||||||
|
}
|
||||||
|
|
||||||
|
+/**
|
||||||
|
+ * Resolves a path for a fd procfs PID proc_pid (the one got from
|
||||||
|
+ * get_proc_pid()).
|
||||||
|
+ *
|
||||||
|
+ * @param proc_pid PID number in /proc, obtained with get_proc_pid().
|
||||||
|
+ * @param fd FD to resolve path for.
|
||||||
|
+ * @param buf Buffer to store the resolved path in.
|
||||||
|
+ * @param bufsize The size of buf.
|
||||||
|
+ * @param deleted If non-NULL, set to true if the path associated with the FD
|
||||||
|
+ * seems to have been unlinked and to false otherwise.
|
||||||
|
+ * @return Number of bytes written including terminating '\0'.
|
||||||
|
+ */
|
||||||
|
+extern int get_proc_pid_fd_path(int proc_pid, int fd, char *buf,
|
||||||
|
+ unsigned bufsize, bool *deleted);
|
||||||
|
+
|
||||||
|
extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize,
|
||||||
|
bool *deleted);
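Review bot: the @return line of the new doc comment only covers success. The function body in src/pathtrace.c returns -1 for `fd < 0` and has an `if (n < 0)` branch after readlink(), so the failure value should be documented here, since secontext.c now relies on it. The opening sentence ("Resolves a path for a fd procfs PID proc_pid") is also hard to parse; something like "Resolves the path of fd in the process whose procfs PID is proc_pid" reads better.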
|
||||||
|
|
||||||
|
Index: strace-5.18/src/pathtrace.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/src/pathtrace.c 2022-07-12 18:22:01.532254506 +0200
|
||||||
|
+++ strace-5.18/src/pathtrace.c 2022-07-12 18:22:06.202199392 +0200
|
||||||
|
@@ -77,11 +77,9 @@
|
||||||
|
set->paths_selected[set->num_selected++] = path;
|
||||||
|
}
|
||||||
|
|
||||||
|
-/*
|
||||||
|
- * Get path associated with fd of a process with pid.
|
||||||
|
- */
|
||||||
|
int
|
||||||
|
-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
|
||||||
|
+get_proc_pid_fd_path(int proc_pid, int fd, char *buf, unsigned bufsize,
|
||||||
|
+ bool *deleted)
|
||||||
|
{
|
||||||
|
char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];
|
||||||
|
ssize_t n;
|
||||||
|
@@ -89,10 +87,6 @@
|
||||||
|
if (fd < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
- int proc_pid = get_proc_pid(pid);
|
||||||
|
- if (!proc_pid)
|
||||||
|
- return -1;
|
||||||
|
-
|
||||||
|
xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);
|
||||||
|
n = readlink(linkpath, buf, bufsize - 1);
|
||||||
|
if (n < 0)
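Review bot: with the `get_proc_pid()` call and its `if (!proc_pid) return -1;` check removed from this function, nothing in get_proc_pid_fd_path() rejects a zero proc_pid before it is formatted into "/proc/%u/fd/%u". getfdpath_pid() keeps the check, but the helper is now extern and selinux_getfdcon() calls it directly. Either keep a cheap `proc_pid` guard next to the `fd < 0` one, or state in the defs.h comment that the caller must pass a validated value.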
|
||||||
|
@@ -143,6 +137,22 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
+ * Get path associated with fd of a process with pid.
|
||||||
|
+ */
|
||||||
|
+int
|
||||||
|
+getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
|
||||||
|
+{
|
||||||
|
+ if (fd < 0)
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
+ int proc_pid = get_proc_pid(pid);
|
||||||
|
+ if (!proc_pid)
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
+ return get_proc_pid_fd_path(proc_pid, fd, buf, bufsize, deleted);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
* Add a path to the set we're tracing. Also add the canonicalized
|
||||||
|
* version of the path. Specifying NULL will delete all paths.
|
||||||
|
*/
|
||||||
|
Index: strace-5.18/src/secontext.c
|
||||||
|
===================================================================
|
||||||
|
--- strace-5.18.orig/src/secontext.c 2022-07-12 18:22:01.564254128 +0200
|
||||||
|
+++ strace-5.18/src/secontext.c 2022-07-12 18:22:06.203199380 +0200
|
||||||
|
@@ -62,7 +62,7 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
-get_expected_filecontext(const char *path, char **secontext)
|
||||||
|
+get_expected_filecontext(const char *path, char **secontext, int mode)
|
||||||
|
{
|
||||||
|
static struct selabel_handle *hdl;
|
||||||
|
|
||||||
|
@@ -80,12 +80,7 @@
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- strace_stat_t stb;
|
||||||
|
- if (stat_file(path, &stb) < 0) {
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- return selabel_lookup(hdl, secontext, path, stb.st_mode);
|
||||||
|
+ return selabel_lookup(hdl, secontext, path, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
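Review bot: the code here does not match the commit message. The message says get_expected_filecontext() uses the mode "instead of retrieveing file mode using stat() if it is not -1" and that selinux_getfilecon passes -1, but this hunk drops the stat_file() call unconditionally and hands `mode` straight to selabel_lookup(), and the last secontext.c hunk passes `st.st_mode` rather than -1. Please make the message describe what the patch does, or restore the -1 fallback if that was the intent.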
|
||||||
|
@@ -130,16 +125,22 @@
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We need to resolve the path, because selabel_lookup() doesn't
|
||||||
|
- * resolve anything. Using readlink() is sufficient here.
|
||||||
|
+ * resolve anything.
|
||||||
|
*/
|
||||||
|
+ char buf[PATH_MAX + 1];
|
||||||
|
+ ssize_t n = get_proc_pid_fd_path(proc_pid, fd, buf, sizeof(buf), NULL);
|
||||||
|
+ if ((size_t) n >= (sizeof(buf) - 1))
|
||||||
|
+ return 0;
|
||||||
|
|
||||||
|
- char buf[PATH_MAX];
|
||||||
|
- ssize_t n = readlink(linkpath, buf, sizeof(buf));
|
||||||
|
- if ((size_t) n >= sizeof(buf))
|
||||||
|
+ /*
|
||||||
|
+ * We retrieve stat() here since the path the procfs link resolves into
|
||||||
|
+ * may be reused by a different file with different context.
|
||||||
|
+ */
|
||||||
|
+ strace_stat_t st;
|
||||||
|
+ if (stat_file(linkpath, &st))
|
||||||
|
return 0;
|
||||||
|
- buf[n] = '\0';
|
||||||
|
|
||||||
|
- get_expected_filecontext(buf, expected);
|
||||||
|
+ get_expected_filecontext(buf, expected, st.st_mode);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
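Review bot: the error check on the get_proc_pid_fd_path() result depends on a cast. The helper returns -1 on failure, and `if ((size_t) n >= (sizeof(buf) - 1))` only catches that because -1 becomes a huge size_t. That was already the idiom with readlink(), but an explicit `if (n < 0 || (size_t) n >= sizeof(buf) - 1)` makes the failure path visible. The helper is also declared to return int while `n` is ssize_t; using the same type on both sides would be tidier.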
|
||||||
|
@@ -190,7 +191,13 @@
|
||||||
|
if (!resolved)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
- get_expected_filecontext(resolved, expected);
|
||||||
|
+ strace_stat_t st;
|
||||||
|
+ if (stat_file(resolved, &st) < 0)
|
||||||
|
+ goto out;
|
||||||
|
+
|
||||||
|
+ get_expected_filecontext(resolved, expected, st.st_mode);
|
||||||
|
+
|
||||||
|
+out:
|
||||||
|
free(resolved);
|
||||||
|
|
||||||
|
return 0;
|
70
0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
From 5338636cd9ae7f53ed73f1a7909db03189ea2ff3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
||||||
|
Date: Mon, 4 Jul 2022 12:29:22 +0200
|
||||||
|
Subject: [PATCH] tests/bpf: fix sloppy low FD number usage
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
FD 42 can already be opened, so close it. Otherwise, it may lead
|
||||||
|
to the following test failure:
|
||||||
|
|
||||||
|
-bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED)
|
||||||
|
+bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42</var/tmp/restraintd/logs/146893626/task.log>}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED)
|
||||||
|
bpf(BPF_LINK_CREATE, 0x3ff95574fe5, 28) = 841540765612359407 (INJECTED)
|
||||||
|
-bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED)
|
||||||
|
+bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42</var/tmp/restraintd/logs/146893626/task.log>}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED)
|
||||||
|
[...]
|
||||||
|
FAIL bpf-success-long-y.test (exit status: 1)
|
||||||
|
|
||||||
|
* tests/bpf.c (init_BPF_LINK_CREATE_attr7): Close iter_info_data[1] fd.
|
||||||
|
|
||||||
|
Fixes: v5.18~18 "bpf: improve bpf(BPF_LINK_CREATE) decoding"
|
||||||
|
Reported-by: Lenka Špačková <lkuprova@redhat.com>
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103137
|
||||||
|
---
|
||||||
|
tests/bpf.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/tests/bpf.c b/tests/bpf.c
|
||||||
|
index 82d870e..6c1ffd4 100644
|
||||||
|
--- a/tests/bpf.c
|
||||||
|
+++ b/tests/bpf.c
|
||||||
|
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
|
||||||
|
{
|
||||||
|
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
|
||||||
|
|
||||||
|
+ close(iter_info_data[1]);
|
||||||
|
+
|
||||||
|
if (!iter_info_data_p) {
|
||||||
|
iter_info_data_p = tail_memdup(iter_info_data,
|
||||||
|
sizeof(iter_info_data));
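Review bot: the added `close(iter_info_data[1]);` needs a comment, because on its own it looks like a stray close of an FD the test never opened. The reason is only in the commit message: the number may be inherited from the test harness and then gets decoded as `map_fd=42</var/tmp/...>` under -y. A short comment such as "make sure this FD number is not open, otherwise -y output differs" would preserve that. The same applies to the identical hunks for tests-m32 and tests-mx32.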
|
||||||
|
diff --git a/tests-m32/bpf.c b/tests-m32/bpf.c
|
||||||
|
index 82d870e..6c1ffd4 100644
|
||||||
|
--- a/tests-m32/bpf.c
|
||||||
|
+++ b/tests-m32/bpf.c
|
||||||
|
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
|
||||||
|
{
|
||||||
|
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
|
||||||
|
|
||||||
|
+ close(iter_info_data[1]);
|
||||||
|
+
|
||||||
|
if (!iter_info_data_p) {
|
||||||
|
iter_info_data_p = tail_memdup(iter_info_data,
|
||||||
|
sizeof(iter_info_data));
|
||||||
|
diff --git a/tests-mx32/bpf.c b/tests-mx32/bpf.c
|
||||||
|
index 82d870e..6c1ffd4 100644
|
||||||
|
--- a/tests-mx32/bpf.c
|
||||||
|
+++ b/tests-mx32/bpf.c
|
||||||
|
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
|
||||||
|
{
|
||||||
|
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
|
||||||
|
|
||||||
|
+ close(iter_info_data[1]);
|
||||||
|
+
|
||||||
|
if (!iter_info_data_p) {
|
||||||
|
iter_info_data_p = tail_memdup(iter_info_data,
|
||||||
|
sizeof(iter_info_data));
|
||||||
|
--
|
||||||
|
2.1.4
|
||||||
|
|
43
strace.spec
@ -1,9 +1,9 @@
|
|||||||
Summary: Tracks and displays system calls associated with a running process
|
Summary: Tracks and displays system calls associated with a running process
|
||||||
Name: strace
|
Name: strace
|
||||||
Version: 5.18
|
Version: 5.18
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
# The test suite is GPLv2+, all the rest is LGPLv2.1+.
|
# The test suite is GPLv2+, all the rest is LGPLv2.1+.
|
||||||
License: LGPL-2.1+ and GPL-2.0+
|
License: LGPL-2.1-or-later and GPL-2.0-or-later
|
||||||
# Some distros require Group tag to be present,
|
# Some distros require Group tag to be present,
|
||||||
# some require Group tag to be absent,
|
# some require Group tag to be absent,
|
||||||
# some do not care about Group tag at all,
|
# some do not care about Group tag at all,
|
||||||
@ -68,6 +68,28 @@ BuildRequires: pkgconfig(bluez)
|
|||||||
#Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch
|
#Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch
|
||||||
#Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch
|
#Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch
|
||||||
|
|
||||||
|
## https://bugzilla.redhat.com/2103068 covscan fixes
|
||||||
|
# v5.18-5-g2bf0696 "src/xlat: remove remnants of unnecessary idx usage in xlookup"
|
||||||
|
Patch175: 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch
|
||||||
|
# v5.18-7-ge604d7b "strauss: tips whitespace and phrasing cleanups"
|
||||||
|
Patch176: 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch
|
||||||
|
# v5.18-8-g968789d "strauss: fix off-by-one error in strauss array access"
|
||||||
|
Patch177: 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch
|
||||||
|
# v5.18-9-g6d3e97e "util: add offs sanity check to print_clock_t"
|
||||||
|
Patch178: 0178-util-add-offs-sanity-check-to-print_clock_t.patch
|
||||||
|
|
||||||
|
## https://bugzilla.redhat.com/2087693
|
||||||
|
# v5.18-13-g960e78f "secontext: print context of Unix socket's sun_path field"
|
||||||
|
Patch179: 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch
|
||||||
|
# v5.18-18-g676979f "pathtrace, util: do not print " (deleted)" as part of the path"
|
||||||
|
Patch180: 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch
|
||||||
|
# v5.18-19-g3f0e534 "secontext: fix expected SELinux context check for unlinked FDs"
|
||||||
|
Patch181: 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch
|
||||||
|
|
||||||
|
## https://bugzilla.redhat.com/2103137
|
||||||
|
# v5.18-21-g5338636 "tests/bpf: fix sloppy low FD number usage"
|
||||||
|
Patch182: 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch
|
||||||
|
|
||||||
# Fallback definitions for make_build/make_install macros
|
# Fallback definitions for make_build/make_install macros
|
||||||
%{?!__make: %global __make %_bindir/make}
|
%{?!__make: %global __make %_bindir/make}
|
||||||
%{?!__install: %global __install %_bindir/install}
|
%{?!__install: %global __install %_bindir/install}
|
||||||
@ -104,6 +126,17 @@ received by a process.
|
|||||||
#%patch173 -p1
|
#%patch173 -p1
|
||||||
#%patch174 -p1
|
#%patch174 -p1
|
||||||
|
|
||||||
|
%patch175 -p1
|
||||||
|
%patch176 -p1
|
||||||
|
%patch177 -p1
|
||||||
|
%patch178 -p1
|
||||||
|
%patch179 -p1
|
||||||
|
%patch180 -p1
|
||||||
|
%patch181 -p1
|
||||||
|
%patch182 -p1
|
||||||
|
|
||||||
|
chmod a+x tests/*.test
|
||||||
|
|
||||||
echo -n %version-%release > .tarball-version
|
echo -n %version-%release > .tarball-version
|
||||||
echo -n 2022 > .year
|
echo -n 2022 > .year
|
||||||
echo -n 2022-06-22 > doc/.strace.1.in.date
|
echo -n 2022-06-22 > doc/.strace.1.in.date
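Review bot: the `chmod a+x tests/*.test` line added after the %patch list is not explained by a spec comment or a changelog entry. Please add a comment saying which of the applied patches makes it necessary. Since 0182 patches tests, tests-m32 and tests-mx32 alike, it is also worth confirming that only tests/ needs the executable bit restored.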
|
||||||
@ -161,6 +194,12 @@ echo 'END OF TEST SUITE INFORMATION'
|
|||||||
%{_mandir}/man1/*
|
%{_mandir}/man1/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jul 11 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-2
|
||||||
|
- Fix the issues reported by covscan (#2103068).
|
||||||
|
- Fix SELinux context matching for the deleted paths (#2087693).
|
||||||
|
- Fix sloppy FD usage in the bpf test (#2103137).
|
||||||
|
- Cater for RHEL 9 license requirement idiosyncrasies (#2103032).
|
||||||
|
|
||||||
* Wed Jun 22 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-1
|
* Wed Jun 22 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-1
|
||||||
- Rebase to v5.18; drop upstream patches on top of 5.13 (#2084002).
|
- Rebase to v5.18; drop upstream patches on top of 5.13 (#2084002).
|
||||||
|
|
||||||
|