SELinux Cookbook

By: Sven Vermeulen

Using strace to clarify permission issues


The strace application is a popular debugging tool on Linux systems. It lets developers and administrators inspect the system calls made by an application. Because SELinux often enforces access controls on specific system calls, strace can be very useful when debugging permission issues.

How to do it…

To properly use strace, follow these steps:

  1. Enable the allow_ptrace Boolean:

    ~# setsebool allow_ptrace on
    
  2. Run the application with strace:

    ~$ strace -o strace.log -f -s 256 tmux
    
  3. In the resulting logfile, look for the error message that needs to be debugged.
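
For step 3, the following added example (not code from the book) scans a log in the layout written by the command in step 2 and returns the system calls that failed with a permission error, rejoining calls that `-f` split into `<unfinished ...>` and `resumed` lines. The function name `permission_failures` is hypothetical and the sample log lines are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed sample in the layout written by `strace -o strace.log -f -s 256`
# (-f prefixes each line with the PID); not captured from a real run.
SAMPLE_LOG = """\
2301  execve("/usr/bin/tmux", ["tmux"], 0x7ffd3c0 /* 24 vars */) = 0
2301  stat("/home/user/.tmux.conf", 0x7ffd3b0) = -1 ENOENT (No such file or directory)
2302  connect(5, {sa_family=AF_UNIX, sun_path="/tmp/tmux-1000/default"}, 25 <unfinished ...>
2301  mkdir("/tmp/tmux-1000", 0700) = -1 EACCES (Permission denied)
2302  <... connect resumed> ) = -1 EACCES (Permission denied)
2301  exit_group(1) = ?
"""

Failure = namedtuple("Failure", "pid syscall errno args")
LINE = re.compile(r"^(?:(\d+)\s+)?(.*)$")            # optional PID, then the call
CALL = re.compile(r"^(\w+)\((.*)$")                  # name( rest-of-line
RESUMED = re.compile(r"^<\.\.\. (\w+) resumed>(.*)$")
RESULT = re.compile(r"\)\s+= -1 (E[A-Z0-9]+) \([^()]*\)$")
UNFINISHED = "<unfinished ...>"

def permission_failures(log_text, errnos=("EACCES", "EPERM")):
    """Return the syscalls in an strace log that failed with one of errnos."""
    pending = {}  # pid -> (syscall, args) for calls interrupted by another process
    found = []
    for raw in log_text.splitlines():
        pid, body = LINE.match(raw).groups()
        resumed = RESUMED.match(body)
        if resumed:
            name, args = pending.pop(pid, (resumed.group(1), ""))
            body = resumed.group(2)
        else:
            call = CALL.match(body)
            if not call:
                continue  # signal and exit notices are not syscalls
            name, args, body = call.group(1), "", call.group(2)
            if body.endswith(UNFINISHED):
                pending[pid] = (name, body[:-len(UNFINISHED)])
                continue
        ret = RESULT.search(body)
        if ret and ret.group(1) in errnos:
            call_args = (args + body[:ret.start()]).strip()
            found.append(Failure(pid or "-", name, ret.group(1), call_args))
    return found

if __name__ == "__main__":
    for f in permission_failures(SAMPLE_LOG):
        print(f"pid {f.pid}: {f.syscall}({f.args}) -> {f.errno}")
```

An `EACCES` or `EPERM` result can also come from ordinary file permissions, so a matching AVC denial in the audit log is what confirms that SELinux was responsible.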

How it works…

The allow_ptrace Boolean (on some distributions, the inverse Boolean called deny_ptrace is available) needs to be toggled so that the domain that calls strace can use ptrace (the method that strace uses to view system calls) against the target domain. As the ptrace method can be a security concern (it allows reading the target process's memory, for instance), it is...