feat: report process MAC labels

This will be useful for debugging process access rights once we start implementing SELinux

Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>

Author: dsseng

api/machine/machine.proto

@@ -650,6 +650,7 @@ message ProcessInfo {
   string command = 8;
   string executable = 9;
   string args = 10;
+  string label = 11;
 }
 
 // rpc restart

cmd/talosctl/cmd/talos/processes.go

@@ -190,7 +190,7 @@ func processesOutput(ctx context.Context, c *client.Client) (output string, err
 
 	s := []string{}
 
-	s = append(s, "NODE | PID | STATE | THREADS | CPU-TIME | VIRTMEM | RESMEM | COMMAND")
+	s = append(s, "NODE | PID | STATE | THREADS | CPU-TIME | VIRTMEM | RESMEM | LABEL | COMMAND")
 
 	for _, msg := range resp.Messages {
 		procs := msg.Processes
@@ -221,8 +221,8 @@ func processesOutput(ctx context.Context, c *client.Client) (output string, err
 			}
 
 			s = append(s,
-				fmt.Sprintf("%12s | %6d | %1s | %4d | %8.2f | %7s | %7s | %s",
-					node, p.Pid, p.State, p.Threads, p.CpuTime, humanize.Bytes(p.VirtualMemory), humanize.Bytes(p.ResidentMemory), args))
+				fmt.Sprintf("%12s | %6d | %1s | %4d | %8.2f | %7s | %7s | %64s | %s",
+					node, p.Pid, p.State, p.Threads, p.CpuTime, humanize.Bytes(p.VirtualMemory), humanize.Bytes(p.ResidentMemory), p.Label, args))
 		}
 	}
 

internal/pkg/miniprocfs/processes.go

@@ -161,6 +161,12 @@ func (procs *Processes) readProc(pidString string) (*machine.ProcessInfo, error)
 		return nil, err
 	}
 
+	var label string
+
+	if err = procs.readFileIntoBuf(path + "attr/current"); err == nil {
+		label = string(bytes.TrimSpace(procs.buf))
+	}
+
 	return &machine.ProcessInfo{
 		Pid:            int32(pid),
 		Ppid:           int32(ppid),
@@ -172,6 +178,7 @@ func (procs *Processes) readProc(pidString string) (*machine.ProcessInfo, error)
 		Command:        command,
 		Executable:     executable,
 		Args:           args,
+		Label:          label,
 	}, nil
 }