import strace-5.13-7.el9

This commit is contained in:
CentOS Sources 2022-03-01 07:42:10 -05:00 committed by Stepan Oksanichenko
parent aca25970e8
commit f4c4a32909
8 changed files with 8104 additions and 1 deletions

View File

@ -0,0 +1,208 @@
From b8f375c2c8140e759122bca3e3469386d3ba5184 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Mon, 29 Nov 2021 08:00:00 +0000
Subject: [PATCH 168/174] m4: fix st_SELINUX check
* m4/st_selinux.m4: Make sure selinux support is enabled only if
all expected functions are provided by libselinux.
Fixes: v5.12~49 "Implement --secontext[=full] option to display SELinux contexts"
---
m4/st_selinux.m4 | 36 ++++++++++++++++--------------------
1 file changed, 16 insertions(+), 20 deletions(-)
diff --git a/m4/st_selinux.m4 b/m4/st_selinux.m4
index da72a48..7b24eba 100644
--- a/m4/st_selinux.m4
+++ b/m4/st_selinux.m4
@@ -34,29 +34,25 @@ AS_IF([test "x$with_libselinux" != xno],
AS_IF([test "x$found_selinux_h" = xyes],
[saved_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $libselinux_LDFLAGS"
- AC_CHECK_LIB([selinux],[getpidcon],
- [libselinux_LIBS="-lselinux"
- enable_secontext=yes
- ],
- [if test "x$with_libselinux" != xcheck; then
- AC_MSG_FAILURE([failed to find getpidcon in libselinux])
- fi
- ]
- )
- AC_CHECK_LIB([selinux],[getfilecon],
- [libselinux_LIBS="-lselinux"
- enable_secontext=yes
- ],
- [if test "x$with_libselinux" != xcheck; then
- AC_MSG_FAILURE([failed to find getfilecon in libselinux])
- fi
- ]
+ missing=
+ for func in getpidcon getfilecon; do
+ AC_CHECK_LIB([selinux], [$func], [:],
+ [missing="$missing $func"])
+ done
+ AS_IF([test "x$missing" = x],
+ [libselinux_LIBS="-lselinux"
+ enable_secontext=yes
+ ],
+ [AS_IF([test "x$with_libselinux" != xcheck],
+ [AC_MSG_FAILURE([failed to find in libselinux:$missing])]
+ )
+ ]
)
LDFLAGS="$saved_LDFLAGS"
],
- [if test "x$with_libselinux" != xcheck; then
- AC_MSG_FAILURE([failed to find selinux.h])
- fi
+ [AS_IF([test "x$with_libselinux" != xcheck],
+ [AC_MSG_FAILURE([failed to find selinux.h])]
+ )
]
)
]
--- old/configure 2022-02-07 20:17:58.364068436 +0100
+++ new/configure 2022-02-07 20:19:17.092067347 +0100
@@ -18437,9 +18437,12 @@
if test "x$found_selinux_h" = xyes; then :
saved_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $libselinux_LDFLAGS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpidcon in -lselinux" >&5
-$as_echo_n "checking for getpidcon in -lselinux... " >&6; }
-if ${ac_cv_lib_selinux_getpidcon+:} false; then :
+ missing=
+ for func in getpidcon getfilecon; do
+ as_ac_Lib=`$as_echo "ac_cv_lib_selinux_$func" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $func in -lselinux" >&5
+$as_echo_n "checking for $func in -lselinux... " >&6; }
+if eval \${$as_ac_Lib+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -18453,101 +18456,59 @@
#ifdef __cplusplus
extern "C"
#endif
-char getpidcon ();
+char $func ();
int
main ()
{
-return getpidcon ();
+return $func ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_selinux_getpidcon=yes
+ eval "$as_ac_Lib=yes"
else
- ac_cv_lib_selinux_getpidcon=no
+ eval "$as_ac_Lib=no"
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_getpidcon" >&5
-$as_echo "$ac_cv_lib_selinux_getpidcon" >&6; }
-if test "x$ac_cv_lib_selinux_getpidcon" = xyes; then :
- libselinux_LIBS="-lselinux"
- enable_secontext=yes
-
+eval ac_res=\$$as_ac_Lib
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
+ :
else
- if test "x$with_libselinux" != xcheck; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to find getpidcon in libselinux
-See \`config.log' for more details" "$LINENO" 5; }
- fi
-
-
+ missing="$missing $func"
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getfilecon in -lselinux" >&5
-$as_echo_n "checking for getfilecon in -lselinux... " >&6; }
-if ${ac_cv_lib_selinux_getfilecon+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lselinux $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getfilecon ();
-int
-main ()
-{
-return getfilecon ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_selinux_getfilecon=yes
-else
- ac_cv_lib_selinux_getfilecon=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_getfilecon" >&5
-$as_echo "$ac_cv_lib_selinux_getfilecon" >&6; }
-if test "x$ac_cv_lib_selinux_getfilecon" = xyes; then :
+ done
+ if test "x$missing" = x; then :
libselinux_LIBS="-lselinux"
- enable_secontext=yes
+ enable_secontext=yes
else
- if test "x$with_libselinux" != xcheck; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+ if test "x$with_libselinux" != xcheck; then :
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to find getfilecon in libselinux
+as_fn_error $? "failed to find in libselinux:$missing
See \`config.log' for more details" "$LINENO" 5; }
- fi
-
fi
+
+fi
LDFLAGS="$saved_LDFLAGS"
else
- if test "x$with_libselinux" != xcheck; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+ if test "x$with_libselinux" != xcheck; then :
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "failed to find selinux.h
See \`config.log' for more details" "$LINENO" 5; }
- fi
+
+fi
fi
--
2.1.4

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,122 @@
From f5fd689e40322a7b08a97eb2d26f192610728230 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 16:10:28 +0100
Subject: [PATCH 170/174] tests/linkat: reset errno before SELinux context
manipulation
To avoid printing a stale error information in case of mismatch check
failure.
* tests/linkat.c: Include <errno.h>.
(main): Add "errno = 0" before update_secontext_field calls.
---
tests/linkat.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tests/linkat.c b/tests/linkat.c
index 1a869e3..c3e2ee4 100644
--- a/tests/linkat.c
+++ b/tests/linkat.c
@@ -10,6 +10,7 @@
#include "tests.h"
#include "scno.h"
+#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@@ -91,6 +92,7 @@ main(void)
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
@@ -112,6 +114,7 @@ main(void)
free(sample_1_secontext);
#endif
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -142,6 +145,7 @@ main(void)
int dfd_old = get_dir_fd(".");
char *cwd = get_fd_path(dfd_old);
+ errno = 0;
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
--- a/tests-m32/linkat.c
+++ b/tests-m32/linkat.c
@@ -10,6 +10,7 @@
#include "tests.h"
#include "scno.h"
+#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@@ -91,6 +92,7 @@ main(void)
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
@@ -112,6 +114,7 @@ main(void)
free(sample_1_secontext);
#endif
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -142,6 +145,7 @@ main(void)
int dfd_old = get_dir_fd(".");
char *cwd = get_fd_path(dfd_old);
+ errno = 0;
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
--- a/tests-mx32/linkat.c
+++ b/tests-mx32/linkat.c
@@ -10,6 +10,7 @@
#include "tests.h"
#include "scno.h"
+#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@@ -91,6 +92,7 @@ main(void)
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
@@ -112,6 +114,7 @@ main(void)
free(sample_1_secontext);
#endif
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -142,6 +145,7 @@ main(void)
int dfd_old = get_dir_fd(".");
char *cwd = get_fd_path(dfd_old);
+ errno = 0;
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
--
2.1.4

View File

@ -0,0 +1,356 @@
From 4951286eb634c00c11883b851c91f3a21975eabd Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:03:57 +0100
Subject: [PATCH 171/174] tests/secontext: add secontext field getters
* tests/secontext.h (get_secontext_field, get_secontext_field_file): New
declarations.
* tests/secontext.c (get_type_from_context): Rename to...
(get_secontext_field): ...this; remove "static" qualifier; add "field"
argument, use it.
(raw_expected_secontext_short_file, raw_secontext_short_pid): Replace
get_type_from_context call with get_secontext_field.
(get_secontext_field_file): New function.
(raw_secontext_short_file): Replace body with get_secontext_field_file
call.
---
tests/secontext.c | 27 +++++++++++++++------------
tests/secontext.h | 20 ++++++++++++++++++++
2 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/tests/secontext.c b/tests/secontext.c
index 848eea9..52211ed 100644
--- a/tests/secontext.c
+++ b/tests/secontext.c
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
return context;
}
-static char *
-get_type_from_context(const char *full_context)
+char *
+get_secontext_field(const char *full_context, enum secontext_field field)
{
int saved_errno = errno;
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
char *context = NULL;
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
token; token = strtok_r(NULL, ":", &saveptr), i++) {
- if (i == 2) {
+ if (i == field) {
context = xstrdup(token);
break;
}
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
int saved_errno = errno;
char *ctx = raw_expected_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
return full_secontext;
}
-static char *
-raw_secontext_short_file(const char *filename)
+char *
+get_secontext_field_file(const char *file, enum secontext_field field)
{
- int saved_errno = errno;
-
- char *ctx = raw_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *ctx = raw_secontext_full_file(file);
+ char *type = get_secontext_field(ctx, field);
free(ctx);
- errno = saved_errno;
return type;
}
static char *
+raw_secontext_short_file(const char *filename)
+{
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
int saved_errno = errno;
char *ctx = raw_secontext_full_pid(pid);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
diff --git a/tests/secontext.h b/tests/secontext.h
index 1d0251a..e5571d5 100644
--- a/tests/secontext.h
+++ b/tests/secontext.h
@@ -23,6 +23,15 @@ enum secontext_field {
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
+/**
+ * Parse a SELinux context string and return a specified field, duplicated
+ * in a separate string. The caller is responsible for freeing the memory
+ * pointed by the returned value.
+ */
+char *get_secontext_field(const char *full_context, enum secontext_field field);
+
+char *get_secontext_field_file(const char *file, enum secontext_field field);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
#else
+static inline char *
+get_secontext_field(const char *ctx, enum secontext_field field)
+{
+ return NULL;
+}
+static inline char *
+get_secontext_field_file(const char *file, enum secontext_field field)
+{
+ return NULL;
+}
+
static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
index 848eea9..52211ed 100644
--- a/tests-m32/secontext.c
+++ b/tests-m32/secontext.c
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
return context;
}
-static char *
-get_type_from_context(const char *full_context)
+char *
+get_secontext_field(const char *full_context, enum secontext_field field)
{
int saved_errno = errno;
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
char *context = NULL;
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
token; token = strtok_r(NULL, ":", &saveptr), i++) {
- if (i == 2) {
+ if (i == field) {
context = xstrdup(token);
break;
}
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
int saved_errno = errno;
char *ctx = raw_expected_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
return full_secontext;
}
-static char *
-raw_secontext_short_file(const char *filename)
+char *
+get_secontext_field_file(const char *file, enum secontext_field field)
{
- int saved_errno = errno;
-
- char *ctx = raw_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *ctx = raw_secontext_full_file(file);
+ char *type = get_secontext_field(ctx, field);
free(ctx);
- errno = saved_errno;
return type;
}
static char *
+raw_secontext_short_file(const char *filename)
+{
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
int saved_errno = errno;
char *ctx = raw_secontext_full_pid(pid);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
diff --git a/tests-m32/secontext.h b/tests-m32/secontext.h
index 1d0251a..e5571d5 100644
--- a/tests-m32/secontext.h
+++ b/tests-m32/secontext.h
@@ -23,6 +23,15 @@ enum secontext_field {
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
+/**
+ * Parse a SELinux context string and return a specified field, duplicated
+ * in a separate string. The caller is responsible for freeing the memory
+ * pointed by the returned value.
+ */
+char *get_secontext_field(const char *full_context, enum secontext_field field);
+
+char *get_secontext_field_file(const char *file, enum secontext_field field);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
#else
+static inline char *
+get_secontext_field(const char *ctx, enum secontext_field field)
+{
+ return NULL;
+}
+static inline char *
+get_secontext_field_file(const char *file, enum secontext_field field)
+{
+ return NULL;
+}
+
static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
index 848eea9..52211ed 100644
--- a/tests-mx32/secontext.c
+++ b/tests-mx32/secontext.c
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
return context;
}
-static char *
-get_type_from_context(const char *full_context)
+char *
+get_secontext_field(const char *full_context, enum secontext_field field)
{
int saved_errno = errno;
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
char *context = NULL;
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
token; token = strtok_r(NULL, ":", &saveptr), i++) {
- if (i == 2) {
+ if (i == field) {
context = xstrdup(token);
break;
}
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
int saved_errno = errno;
char *ctx = raw_expected_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
return full_secontext;
}
-static char *
-raw_secontext_short_file(const char *filename)
+char *
+get_secontext_field_file(const char *file, enum secontext_field field)
{
- int saved_errno = errno;
-
- char *ctx = raw_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *ctx = raw_secontext_full_file(file);
+ char *type = get_secontext_field(ctx, field);
free(ctx);
- errno = saved_errno;
return type;
}
static char *
+raw_secontext_short_file(const char *filename)
+{
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
int saved_errno = errno;
char *ctx = raw_secontext_full_pid(pid);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
diff --git a/tests-mx32/secontext.h b/tests-mx32/secontext.h
index 1d0251a..e5571d5 100644
--- a/tests-mx32/secontext.h
+++ b/tests-mx32/secontext.h
@@ -23,6 +23,15 @@ enum secontext_field {
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
+/**
+ * Parse a SELinux context string and return a specified field, duplicated
+ * in a separate string. The caller is responsible for freeing the memory
+ * pointed by the returned value.
+ */
+char *get_secontext_field(const char *full_context, enum secontext_field field);
+
+char *get_secontext_field_file(const char *file, enum secontext_field field);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
#else
+static inline char *
+get_secontext_field(const char *ctx, enum secontext_field field)
+{
+ return NULL;
+}
+static inline char *
+get_secontext_field_file(const char *file, enum secontext_field field)
+{
+ return NULL;
+}
+
static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
--
2.1.4

View File

@ -0,0 +1,181 @@
From 97e2742a7f1e6e113354911d04505ada3bfb5d70 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:04:42 +0100
Subject: [PATCH 172/174] tests/linkat: provide fallback values for secontext
fields changes
* tests/linkat.c (mangle_secontext_field): New function.
(main): Replace calls to update_secontext_field
with mangle_secontext_field calls.
---
tests/linkat.c | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/tests/linkat.c b/tests/linkat.c
index c3e2ee4..decb736 100644
--- a/tests/linkat.c
+++ b/tests/linkat.c
@@ -21,6 +21,20 @@
#include "secontext.h"
#include "xmalloc.h"
+static void
+mangle_secontext_field(const char *path, enum secontext_field field,
+ const char *new_val, const char *fallback_val)
+{
+ char *orig = get_secontext_field_file(path, field);
+ if (!orig)
+ return;
+
+ update_secontext_field(path, field,
+ strcmp(new_val, orig) ? new_val : fallback_val);
+
+ free(orig);
+}
+
int
main(void)
{
@@ -93,7 +107,8 @@ main(void)
#ifdef PRINT_SECONTEXT_MISMATCH
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
+ "unconfined_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
# ifdef PRINT_SECONTEXT_FULL
@@ -115,7 +130,8 @@ main(void)
#endif
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -146,7 +162,8 @@ main(void)
char *cwd = get_fd_path(dfd_old);
errno = 0;
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-m32/linkat.c b/tests-m32/linkat.c
index c3e2ee4..decb736 100644
--- a/tests-m32/linkat.c
+++ b/tests-m32/linkat.c
@@ -21,6 +21,20 @@
#include "secontext.h"
#include "xmalloc.h"
+static void
+mangle_secontext_field(const char *path, enum secontext_field field,
+ const char *new_val, const char *fallback_val)
+{
+ char *orig = get_secontext_field_file(path, field);
+ if (!orig)
+ return;
+
+ update_secontext_field(path, field,
+ strcmp(new_val, orig) ? new_val : fallback_val);
+
+ free(orig);
+}
+
int
main(void)
{
@@ -93,7 +107,8 @@ main(void)
#ifdef PRINT_SECONTEXT_MISMATCH
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
+ "unconfined_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
# ifdef PRINT_SECONTEXT_FULL
@@ -115,7 +130,8 @@ main(void)
#endif
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -146,7 +162,8 @@ main(void)
char *cwd = get_fd_path(dfd_old);
errno = 0;
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-mx32/linkat.c b/tests-mx32/linkat.c
index c3e2ee4..decb736 100644
--- a/tests-mx32/linkat.c
+++ b/tests-mx32/linkat.c
@@ -21,6 +21,20 @@
#include "secontext.h"
#include "xmalloc.h"
+static void
+mangle_secontext_field(const char *path, enum secontext_field field,
+ const char *new_val, const char *fallback_val)
+{
+ char *orig = get_secontext_field_file(path, field);
+ if (!orig)
+ return;
+
+ update_secontext_field(path, field,
+ strcmp(new_val, orig) ? new_val : fallback_val);
+
+ free(orig);
+}
+
int
main(void)
{
@@ -93,7 +107,8 @@ main(void)
#ifdef PRINT_SECONTEXT_MISMATCH
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
+ "unconfined_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
# ifdef PRINT_SECONTEXT_FULL
@@ -115,7 +130,8 @@ main(void)
#endif
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -146,7 +162,8 @@ main(void)
char *cwd = get_fd_path(dfd_old);
errno = 0;
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
#ifdef PRINT_SECONTEXT_MISMATCH
--
2.1.4

View File

@ -0,0 +1,63 @@
From 6e8aa3749cb7e11e9a59db996f79f036bf7ef263 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:05:19 +0100
Subject: [PATCH 173/174] tests/secontext: eliminate separate secontext_format
declaration
* tests/secontext.c (secontext_format): Remove declaration, supply
the attributes to the definition.
---
tests/secontext.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/tests/secontext.c b/tests/secontext.c
index 52211ed..ba271c8 100644
--- a/tests/secontext.c
+++ b/tests/secontext.c
@@ -23,10 +23,7 @@
# define TEST_SECONTEXT
# include "secontext.h"
-static char *
-secontext_format(char *context, const char *fmt)
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
-
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
static char *
secontext_format(char *context, const char *fmt)
{
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
index 52211ed..ba271c8 100644
--- a/tests-m32/secontext.c
+++ b/tests-m32/secontext.c
@@ -23,10 +23,7 @@
# define TEST_SECONTEXT
# include "secontext.h"
-static char *
-secontext_format(char *context, const char *fmt)
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
-
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
static char *
secontext_format(char *context, const char *fmt)
{
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
index 52211ed..ba271c8 100644
--- a/tests-mx32/secontext.c
+++ b/tests-mx32/secontext.c
@@ -23,10 +23,7 @@
# define TEST_SECONTEXT
# include "secontext.h"
-static char *
-secontext_format(char *context, const char *fmt)
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
-
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
static char *
secontext_format(char *context, const char *fmt)
{
--
2.1.4

View File

@ -0,0 +1,190 @@
From 78a81bcfb71ef3d9f6e8b1a32e123fbbc6112a60 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:24:34 +0100
Subject: [PATCH 174/174] tests/linkat: reset context to the expected one if a
mismatch has been detected
* tests/secontext.h (reset_secontext_file): New declaration.
* tests/secontext.c (reset_secontext_file): New function.
* tests/linkat.c (main): Check that there is no initial mismatch
in the sample_1 context, reset it otherwise.
---
tests/linkat.c | 3 +++
tests/secontext.c | 7 +++++++
tests/secontext.h | 7 +++++++
3 files changed, 17 insertions(+)
diff --git a/tests/linkat.c b/tests/linkat.c
index decb736..781b85a 100644
--- a/tests/linkat.c
+++ b/tests/linkat.c
@@ -103,6 +103,9 @@ main(void)
if (close(fd_sample_2))
perror_msg_and_fail("close");
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
+ reset_secontext_file(sample_1);
+
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests/secontext.c b/tests/secontext.c
index ba271c8..94fadd4 100644
--- a/tests/secontext.c
+++ b/tests/secontext.c
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
}
+void reset_secontext_file(const char *file)
+{
+ char *proper_ctx = raw_expected_secontext_full_file(file);
+ (void) setfilecon(file, proper_ctx);
+ free(proper_ctx);
+}
+
void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests/secontext.h b/tests/secontext.h
index e5571d5..387263e 100644
--- a/tests/secontext.h
+++ b/tests/secontext.h
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
+void reset_secontext_file(const char *file);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
}
static inline void
+reset_secontext_file(const char *file)
+{
+}
+
+static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
{
diff --git a/tests-m32/linkat.c b/tests-m32/linkat.c
index decb736..781b85a 100644
--- a/tests-m32/linkat.c
+++ b/tests-m32/linkat.c
@@ -103,6 +103,9 @@ main(void)
if (close(fd_sample_2))
perror_msg_and_fail("close");
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
+ reset_secontext_file(sample_1);
+
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
index ba271c8..94fadd4 100644
--- a/tests-m32/secontext.c
+++ b/tests-m32/secontext.c
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
}
+void reset_secontext_file(const char *file)
+{
+ char *proper_ctx = raw_expected_secontext_full_file(file);
+ (void) setfilecon(file, proper_ctx);
+ free(proper_ctx);
+}
+
void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-m32/secontext.h b/tests-m32/secontext.h
index e5571d5..387263e 100644
--- a/tests-m32/secontext.h
+++ b/tests-m32/secontext.h
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
+void reset_secontext_file(const char *file);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
}
static inline void
+reset_secontext_file(const char *file)
+{
+}
+
+static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
{
diff --git a/tests-mx32/linkat.c b/tests-mx32/linkat.c
index decb736..781b85a 100644
--- a/tests-mx32/linkat.c
+++ b/tests-mx32/linkat.c
@@ -103,6 +103,9 @@ main(void)
if (close(fd_sample_2))
perror_msg_and_fail("close");
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
+ reset_secontext_file(sample_1);
+
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
index ba271c8..94fadd4 100644
--- a/tests-mx32/secontext.c
+++ b/tests-mx32/secontext.c
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
}
+void reset_secontext_file(const char *file)
+{
+ char *proper_ctx = raw_expected_secontext_full_file(file);
+ (void) setfilecon(file, proper_ctx);
+ free(proper_ctx);
+}
+
void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-mx32/secontext.h b/tests-mx32/secontext.h
index e5571d5..387263e 100644
--- a/tests-mx32/secontext.h
+++ b/tests-mx32/secontext.h
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
+void reset_secontext_file(const char *file);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
}
static inline void
+reset_secontext_file(const char *file)
+{
+}
+
+static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
{
--
2.1.4

View File

@ -1,7 +1,7 @@
Summary: Tracks and displays system calls associated with a running process Summary: Tracks and displays system calls associated with a running process
Name: strace Name: strace
Version: 5.13 Version: 5.13
Release: 5%{?dist} Release: 7%{?dist}
# The test suite is GPLv2+, all the rest is LGPLv2.1+. # The test suite is GPLv2+, all the rest is LGPLv2.1+.
License: LGPL-2.1+ and GPL-2.0+ License: LGPL-2.1+ and GPL-2.0+
# Some distros require Group tag to be present, # Some distros require Group tag to be present,
@ -57,6 +57,16 @@ Patch154: 0154-tests-call-setsockopt-directly-in-sockopt-timestamp.patch
# v5.15~1 "print_ifindex: fix IFNAME_QUOTED_SZ definition" # v5.15~1 "print_ifindex: fix IFNAME_QUOTED_SZ definition"
Patch167: 0167-print_ifindex-fix-IFNAME_QUOTED_SZ-definition.patch Patch167: 0167-print_ifindex-fix-IFNAME_QUOTED_SZ-definition.patch
# v5.15~18 "m4: fix st_SELINUX check"
Patch168: 0168-m4-fix-st_SELINUX-check.patch
# v5.16~31 "Implement displaying of expected context upon mismatch"
Patch169: 0169-Implement-displaying-of-expected-context-upon-mismat.patch
Patch170: 0170-tests-linkat-reset-errno-before-SELinux-context-mani.patch
Patch171: 0171-tests-secontext-add-secontext-field-getters.patch
Patch172: 0172-tests-linkat-provide-fallback-values-for-secontext-f.patch
Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch
Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch
# Fallback definitions for make_build/make_install macros # Fallback definitions for make_build/make_install macros
%{?!__make: %global __make %_bindir/make} %{?!__make: %global __make %_bindir/make}
%{?!__install: %global __install %_bindir/install} %{?!__install: %global __install %_bindir/install}
@ -85,6 +95,14 @@ received by a process.
%patch167 -p1 %patch167 -p1
%patch168 -p1
%patch169 -p1
%patch170 -p1
%patch171 -p1
%patch172 -p1
%patch173 -p1
%patch174 -p1
echo -n %version-%release > .tarball-version echo -n %version-%release > .tarball-version
echo -n 2021 > .year echo -n 2021 > .year
echo -n 2021-07-20 > doc/.strace.1.in.date echo -n 2021-07-20 > doc/.strace.1.in.date
@ -141,6 +159,13 @@ echo 'END OF TEST SUITE INFORMATION'
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-7
- Update tests-m32 and tests-mx32 with --secontext=mismatch option support
changes (#2046264).
* Wed Jan 19 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-6
- Add --secontext=mismatch option support (#2038965).
* Wed Jan 05 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-5 * Wed Jan 05 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-5
- Fix incorrect ifname printing buffer size (#2028166). - Fix incorrect ifname printing buffer size (#2028166).