Using strace to clarify permission issues
The strace application is a popular debugging application on Linux systems. It allows developers and administrators to look at various system calls made by an application. As SELinux often has access controls on specific system calls, using strace can prove to be very useful in debugging permission issues.
How to do it…
To properly use strace, follow the next set of steps:
1. Enable the allow_ptrace Boolean:
   ~# setsebool allow_ptrace on
2. Run the application with strace:
   ~$ strace -o strace.log -f -s 256 tmux
3. In the resulting logfile, look for the error message that needs to be debugged.
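As an added example (not part of the original recipe), the following Python sketch shows one way to carry out the last step: it scans a log in the `strace -o strace.log -f` format for system calls that failed with EACCES or EPERM, and rejoins calls that `-f` split into "unfinished" and "resumed" halves. The sample log lines, PIDs and paths are constructed for illustration, and the function name `denied_calls` is hypothetical.

```python
import re

# Constructed sample in the per-line "PID  syscall(...) = result" format of `strace -o FILE -f`
SAMPLE_LOG = '''\
4211  execve("/usr/bin/tmux", ["tmux"], 0x7ffd1c2a /* 24 vars */) = 0
4211  openat(AT_FDCWD, "/etc/tmux.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
4211  openat(AT_FDCWD, "/home/user/.tmux.conf", O_RDONLY) = -1 EACCES (Permission denied)
4212  connect(6, {sa_family=AF_UNIX, sun_path="/tmp/tmux-1000/default"}, 110 <unfinished ...>
4211  mkdir("/tmp/tmux-1000", 0700) = -1 EEXIST (File exists)
4212  <... connect resumed>) = -1 EACCES (Permission denied)
4212  kill(4211, SIGTERM) = -1 EPERM (Operation not permitted)
'''

DENIED = {"EACCES", "EPERM"}  # errno values that indicate a permission problem
LINE = re.compile(r'^(?P<pid>\d+)\s+(?P<rest>.*)$')
RESULT = re.compile(r'=\s+-1\s+(?P<errno>E[A-Z0-9]+)\s+\(')
RESUMED = re.compile(r'^<\.\.\. (?P<call>\w+) resumed>\s?(?P<tail>.*)$')
UNFINISHED = "<unfinished ...>"

def denied_calls(lines):
    """Return (pid, syscall, errno, first quoted argument or None) per denied call."""
    pending = {}  # pid -> first half of a call interrupted by another traced process
    hits = []
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue
        pid, rest = int(m["pid"]), m["rest"]
        if rest.endswith(UNFINISHED):
            pending[pid] = rest[:-len(UNFINISHED)].rstrip()
            continue
        r = RESUMED.match(rest)
        if r:  # stitch the resumed half back onto the stored first half
            rest = pending.pop(pid, r["call"] + "(") + r["tail"]
        res = RESULT.search(rest)
        if res and res["errno"] in DENIED:
            call = rest.split("(", 1)[0]
            paths = re.findall(r'"([^"]*)"', rest)  # approximate: ignores escaped quotes
            hits.append((pid, call, res["errno"], paths[0] if paths else None))
    return hits

if __name__ == "__main__":
    for hit in denied_calls(SAMPLE_LOG.splitlines()):
        print(hit)
```

To run it against a real trace, pass `open("strace.log")` to `denied_calls` instead of the sample.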
How it works…
The allow_ptrace Boolean (on some distributions, the inverse Boolean called deny_ptrace is available) needs to be toggled so that the domain that calls strace can use ptrace (the method that strace uses to view system calls) against the target domain. As the ptrace method can be a security concern (it allows reading the target process' memory, for instance), it is...