[2/2] sestatus: show checkreqprot status

Commit Message

Jann Horn via Selinux May 6, 2017, 1:08 p.m. UTC

Show the current active checkreqprot state in sestatus
---
 policycoreutils/sestatus/sestatus.8 |  2 ++
 policycoreutils/sestatus/sestatus.c | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

Comments

Stephen Smalley May 8, 2017, 4:47 p.m. UTC | #1

On Sat, 2017-05-06 at 15:08 +0200, Christian Göttsche via Selinux
wrote:
> Show the current active checkreqprot state in sestatus

Thanks, applied.  Please add a signed-off-by line in the future.

> ---
>  policycoreutils/sestatus/sestatus.8 |  2 ++
>  policycoreutils/sestatus/sestatus.c | 14 ++++++++++++++
>  2 files changed, 16 insertions(+)
> 
> diff --git a/policycoreutils/sestatus/sestatus.8
> b/policycoreutils/sestatus/sestatus.8
> index 51ff0566..a89c53fd 100644
> --- a/policycoreutils/sestatus/sestatus.8
> +++ b/policycoreutils/sestatus/sestatus.8
> @@ -33,6 +33,8 @@ Policy MLS status:           enabled
>  .br
>  Policy deny_unknown status:  allow
>  .br
> +Memory protection checking:  actual (secure)
> +.br
>  Max kernel policy version:   26
>  .RE
>  .sp
> diff --git a/policycoreutils/sestatus/sestatus.c
> b/policycoreutils/sestatus/sestatus.c
> index 2111b15d..b05e794c 100644
> --- a/policycoreutils/sestatus/sestatus.c
> +++ b/policycoreutils/sestatus/sestatus.c
> @@ -330,6 +330,20 @@ int main(int argc, char **argv)
>  			break;
>  	}
>  
> +	printf_tab("Memory protection checking:");
> +	rc = security_get_checkreqprot();
> +	switch (rc) {
> +		case 0:
> +			printf("actual (secure)\n");
> +			break;
> +		case 1:
> +			printf("requested (insecure)\n");
> +			break;
> +		default:
> +			printf("error (%s)\n", strerror(errno));
> +			break;
> +	}
> +
>  	rc = security_policyvers();
>  	printf_tab("Max kernel policy version:");
>  	if (rc < 0)

Patch

diff --git a/policycoreutils/sestatus/sestatus.8 b/policycoreutils/sestatus/sestatus.8
index 51ff0566..a89c53fd 100644
--- a/policycoreutils/sestatus/sestatus.8
+++ b/policycoreutils/sestatus/sestatus.8
@@ -33,6 +33,8 @@  Policy MLS status:           enabled
 .br
 Policy deny_unknown status:  allow
 .br
+Memory protection checking:  actual (secure)
+.br
 Max kernel policy version:   26
 .RE
 .sp
diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c
index 2111b15d..b05e794c 100644
--- a/policycoreutils/sestatus/sestatus.c
+++ b/policycoreutils/sestatus/sestatus.c
@@ -330,6 +330,20 @@  int main(int argc, char **argv)
 			break;
 	}
 
+	printf_tab("Memory protection checking:");
+	rc = security_get_checkreqprot();
+	switch (rc) {
+		case 0:
+			printf("actual (secure)\n");
+			break;
+		case 1:
+			printf("requested (insecure)\n");
+			break;
+		default:
+			printf("error (%s)\n", strerror(errno));
+			break;
+	}
+
 	rc = security_policyvers();
 	printf_tab("Max kernel policy version:");
 	if (rc < 0)