On Fri, Oct 24, 2008 at 03:38:15PM -0700, Timothy Renner wrote:
>
> Is there any debug stream available that can tell me what is being
> processed by the SELinux system? Specifically, I'd like to be able to
> follow the trail from starting an executable, through its state
> transitions, what files it reads, and what their file contexts are, and
> what transitions happen as it calls external programs.

Most of this is visible in strace. Some post processing will fill in the gaps.

Try something like:

    strace -f -o /tmp/trace-my-subshell sh
      bash
      id
      program
      exit
      exit

Look at the system calls for mmap, fstat, setcon, open, read, write, access,
close, etc. to see what files it reads, attempts to read, writes, attempts to
write, libraries and so on.

After building a list of files you can use 'stat' to learn what the context of
each file is.

    $ stat -Z /etc/shadow
    $ stat -Z /etc/passwd

Most but not all interactions can just be seen with strace.

If you are more interested in tracing SELinux itself, some value may be found
by running in permissive mode.

Like tracing SUID/SGID processes, Hawthorne and Heisenberg issues come into
play. You will not be able to trace stuff beyond your level.

--
T o m M i t c h e l l
Found me a new hat, now what?

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
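The "post processing" step the reply leaves to the reader, as an added example that is not part of the original mail or Tom Mitchell's own tooling: a small POSIX shell script that pulls the file paths out of an `strace -f -o` log (execve/open/openat/stat/access/readlink calls), separates out the ones the kernel refused with EACCES/EPERM (the shape an SELinux denial takes at the syscall level), and then asks `stat` for each file's context. It assumes strace's default output format with the per-process pid prefix that `-f` adds, and it uses `stat -c '%C %n'` for the context, which is the current coreutils spelling of the mail's `stat -Z`. The trace lines embedded in the script are constructed for demonstration, not captured from a real run.

```shell
#!/bin/sh
# Added example (not from the original mail): post-process an strace log to
# list the files a traced program touched, then show each file's SELinux
# context. Assumes strace's default format with the pid prefix produced by -f.
#
# Usage on a real trace (the procedure from the mail):
#   strace -f -o /tmp/trace-my-subshell sh   # then run bash, id, program, exit, exit
#   extract_paths < /tmp/trace-my-subshell | label_contexts
#   denied_paths  < /tmp/trace-my-subshell

# Constructed sample of strace -f output (not a real capture). Note the read()
# line carries a quoted string that is NOT a path and must be ignored.
TRACE_SAMPLE='1234  execve("/bin/bash", ["bash"], 0x7ffd0000) = 0
1234  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1234  read(3, "root:x:0:0:root:/root:/bin/bash\n", 4096) = 32
1234  openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
1234  access("/etc/shadow", R_OK) = -1 EACCES (Permission denied)
1235  execve("/usr/bin/id", ["id"], 0x7ffd0000) = 0
1235  openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3'

# Syscalls whose first quoted argument is a pathname.
PATH_CALLS='execve|open|openat|creat|stat|lstat|newfstatat|access|readlink'

# Print every path named in a path-taking syscall, unique, in order of first
# appearance. Reads an strace log from stdin.
extract_paths() {
    grep -E "^([0-9]+ +)?(${PATH_CALLS})\(" \
    | sed -nE 's/^[^"]*"([^"]*)".*/\1/p' \
    | awk '!seen[$0]++'
}

# Print only the paths the kernel refused with EACCES or EPERM; with SELinux
# enforcing, a denied open or exec shows up here (and in the audit log).
denied_paths() {
    grep -E "^([0-9]+ +)?(${PATH_CALLS})\(" \
    | grep -E '= -1 E(ACCES|PERM)' \
    | sed -nE 's/^[^"]*"([^"]*)".*/\1/p' \
    | awk '!seen[$0]++'
}

# Read paths from stdin and print "<context> <path>" for each one that exists
# on this machine. %C is coreutils' SELinux context format (stat -Z in 2008).
label_contexts() {
    while IFS= read -r path; do
        if [ -e "$path" ]; then
            stat -c '%C %n' "$path" 2>/dev/null || ls -Zd "$path"
        else
            printf 'missing %s\n' "$path"
        fi
    done
}

# Demonstration on the constructed sample:
printf '%s\n' "$TRACE_SAMPLE" | extract_paths
printf '%s\n' "$TRACE_SAMPLE" | denied_paths
```

Running the script prints the five distinct paths from the sample (/bin/bash, /etc/ld.so.cache, /etc/passwd, /etc/shadow, /usr/bin/id) followed by the single refused one, /etc/shadow. Feeding `extract_paths` output through `label_contexts` on a real trace gives the per-file context list the mail suggests building by hand with `stat`; the refused list is the quickest way to spot where a transition or label mismatch bit, before going to the audit log for the AVC details.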