feat: report process MAC labels

This will be useful for debugging process access rights once we start implementing SELinux

Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>

api/machine/machine.proto

@@ -650,6 +650,7 @@ message ProcessInfo {
  string command = 8;
  string executable = 9;
  string args = 10;
+ string label = 11;
 }
 
 // rpc restart

cmd/talosctl/cmd/talos/processes.go

@@ -190,7 +190,7 @@ func processesOutput(ctx context.Context, c *client.Client) (output string, err
 
  s := []string{}
 
- s = append(s, "NODE | PID | STATE | THREADS | CPU-TIME | VIRTMEM | RESMEM | COMMAND")
+ s = append(s, "NODE | PID | STATE | THREADS | CPU-TIME | VIRTMEM | RESMEM | LABEL | COMMAND")
 
  for _, msg := range resp.Messages {
  procs := msg.Processes
@@ -221,8 +221,8 @@ func processesOutput(ctx context.Context, c *client.Client) (output string, err
  }
 
  s = append(s,
- fmt.Sprintf("%12s | %6d | %1s | %4d | %8.2f | %7s | %7s | %s",
- node, p.Pid, p.State, p.Threads, p.CpuTime, humanize.Bytes(p.VirtualMemory), humanize.Bytes(p.ResidentMemory), args))
+ fmt.Sprintf("%12s | %6d | %1s | %4d | %8.2f | %7s | %7s | %64s | %s",
+ node, p.Pid, p.State, p.Threads, p.CpuTime, humanize.Bytes(p.VirtualMemory), humanize.Bytes(p.ResidentMemory), p.Label, args))
  }
  }
 

internal/pkg/miniprocfs/processes.go

@@ -161,6 +161,12 @@ func (procs *Processes) readProc(pidString string) (*machine.ProcessInfo, error)
  return nil, err
  }
 
+ var label string
+
+ if err = procs.readFileIntoBuf(path + "attr/current"); err == nil {
+ label = string(bytes.TrimSpace(procs.buf))
+ }
+
  return &machine.ProcessInfo{
  Pid: int32(pid),
  Ppid: int32(ppid),
@@ -172,6 +178,7 @@ func (procs *Processes) readProc(pidString string) (*machine.ProcessInfo, error)
  Command: command,
  Executable: executable,
  Args: args,
+ Label: label,
  }, nil
 }