RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2024-12-25 23:42:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

sestatus: resolve symlinks in path when looking for a process

Browse Source 
"sestatus -v" uses /proc/$PID/exe symbolic link in order to find the
context of processes present in /etc/sestatus.conf. For example, this
file includes "/usr/sbin/sshd".

On Arch Linux, /bin, /sbin and /usr/sbin are symbolic links to /usr/bin,
so sshd process is seen as "/usr/bin/sshd" instead of "/usr/sbin/sshd".
This causes "sestatus -v" to show nothing in "Process contexts:" for
sshd, agetty, etc.

Use realpath() to resolve any symlink components in program paths
defined in /etc/sestatus.conf. This makes "sestatus -v" show the
expected result:

    Process contexts:
    Current context:                sysadm_u:sysadm_r:sysadm_t
    Init context:                   system_u:system_r:init_t
    /sbin/agetty                    system_u:system_r:getty_t
    /usr/sbin/sshd                  system_u:system_r:sshd_t

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2018-04-22 21:21:47 +02:00 committed by William Roberts
parent 87a58b6b4e
commit 0f99a3126c
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
policycoreutils/sestatus/sestatus.c
View File

@ -61,6 +61,7 @@ int cmp_cmdline(const char *command, int pid)
int pidof(const char *command)
{
/* inspired by killall5.c from psmisc */
char stackpath[PATH_MAX + 1], *p;
DIR *dir;
struct dirent *de;
int pid, ret = -1, self = getpid();
@ -70,6 +71,11 @@ int pidof(const char *command)
return -1;
}
/* Resolve the path if it contains symbolic links */
p = realpath(command, stackpath);
if (p)
command = p;
while ((de = readdir(dir)) != NULL) {
errno = 0;
pid = (int)strtol(de->d_name, (char **)NULL, 10);