Message ID | 20200110141509.21098-4-cgzones@googlemail.com (mailing list archive) |
---|---|
State | RFC |
Series | Add policy capability for systemd overhaul | expand |
On 1/10/20 9:15 AM, Christian Göttsche wrote: > --- > libselinux/utils/.gitignore | 1 + > libselinux/utils/polcap_enabled.c | 30 ++++++++++++++++++++++++++++++ > 2 files changed, 31 insertions(+) > create mode 100644 libselinux/utils/polcap_enabled.c > > diff --git a/libselinux/utils/.gitignore b/libselinux/utils/.gitignore > index 3ef34374..bfe1db4d 100644 > --- a/libselinux/utils/.gitignore > +++ b/libselinux/utils/.gitignore > @@ -12,6 +12,7 @@ getpidcon > getsebool > getseuser > matchpathcon > +polcap_enabled > policyvers > sefcontext_compile > selabel_digest > diff --git a/libselinux/utils/polcap_enabled.c b/libselinux/utils/polcap_enabled.c > new file mode 100644 > index 00000000..e984d1e4 > --- /dev/null > +++ b/libselinux/utils/polcap_enabled.c > @@ -0,0 +1,30 @@ > +#include <errno.h> > +#include <stdio.h> > +#include <string.h> > + > +#include <selinux/selinux.h> > + > +int main(int argc, char **argv) > +{ > + int ret; > + > + if (argc != 2) { > + printf("usage: %s polcap_name\n", argv[0]); > + return 1; > + } > + > + ret = security_is_policy_capability_enabled(argv[1]); > + > + if (ret == 1) > + printf("enabled\n"); > + else if (ret == 0) > + printf("disabled\n"); > + else if (errno == ENOTSUP) > + printf("not supported\n"); > + else { > + printf("error (%d): %s\n", errno, strerror(errno)); > + return 1; > + } > + > + return 0; > +} For new libselinux utilities, let's try to use some kind of unique prefix to help avoid collisions for distros that install these programs. selinux_ should be fine.
diff --git a/libselinux/utils/.gitignore b/libselinux/utils/.gitignore
index 3ef34374..bfe1db4d 100644
--- a/libselinux/utils/.gitignore
+++ b/libselinux/utils/.gitignore
@@ -12,6 +12,7 @@ getpidcon
 getsebool
 getseuser
 matchpathcon
+polcap_enabled
 policyvers
 sefcontext_compile
 selabel_digest
diff --git a/libselinux/utils/polcap_enabled.c b/libselinux/utils/polcap_enabled.c
new file mode 100644
index 00000000..e984d1e4
--- /dev/null
+++ b/libselinux/utils/polcap_enabled.c
@@ -0,0 +1,30 @@
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ int ret;
+
+ if (argc != 2) {
+ printf("usage: %s polcap_name\n", argv[0]);
+ return 1;
+ }
+
+ ret = security_is_policy_capability_enabled(argv[1]);
+
+ if (ret == 1)
+ printf("enabled\n");
+ else if (ret == 0)
+ printf("disabled\n");
+ else if (errno == ENOTSUP)
+ printf("not supported\n");
+ else {
+ printf("error (%d): %s\n", errno, strerror(errno));
+ return 1;
+ }
+
+ return 0;
+}
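Review bot: The exit status in the new `main()` does not distinguish the three non-error outcomes: `enabled`, `disabled` and `not supported` all fall through to `return 0;`, so a script that gates on this utility and checks only the exit code would treat a disabled or unsupported policy capability as success. A distinct status per outcome (0 for enabled, separate non-zero values for disabled, not supported and error), listed in the usage text, would let callers branch without parsing stdout. The usage and error messages are also written to stdout with `printf`; `fprintf(stderr, "error (%d): %s\n", errno, strerror(errno));` keeps them out of captured output. The definition of security_is_policy_capability_enabled() is not part of this patch, so if it can return a negative value without setting errno, the `errno == ENOTSUP` test reads a stale value; `errno = 0;` before the call would rule that out.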