Commit Graph

7 Commits

Author SHA1 Message Date
Jason Zaman
42f0376228 sestatus: include limits.h for PATH_MAX
compile fails on musl libc because it cant find PATH_MAX.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2018-05-16 16:27:17 +08:00
Nicolas Iooss
20a324b591 sestatus: free process and file contexts which are checked
clang's static analyzer reports a potential memory leak because the
buffers allocated in pc and fc are not freed in main(), in sestatus.c.
Free these buffers properly.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-04-25 10:09:13 -07:00
Nicolas Iooss
0f99a3126c sestatus: resolve symlinks in path when looking for a process
"sestatus -v" uses /proc/$PID/exe symbolic link in order to find the
context of processes present in /etc/sestatus.conf. For example, this
file includes "/usr/sbin/sshd".

On Arch Linux, /bin, /sbin and /usr/sbin are symbolic links to /usr/bin,
so sshd process is seen as "/usr/bin/sshd" instead of "/usr/sbin/sshd".
This causes "sestatus -v" to show nothing in "Process contexts:" for
sshd, agetty, etc.

Use realpath() to resolve any symlink components in program paths
defined in /etc/sestatus.conf. This makes "sestatus -v" show the
expected result:

    Process contexts:
    Current context:                sysadm_u:sysadm_r:sysadm_t
    Init context:                   system_u:system_r:init_t
    /sbin/agetty                    system_u:system_r:getty_t
    /usr/sbin/sshd                  system_u:system_r:sshd_t

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-04-25 10:09:13 -07:00
Christian Göttsche
3376ac498e sestatus: show checkreqprot status
Show the current active checkreqprot state in sestatus
2017-05-08 12:44:12 -04:00
Eric Paris
5c0d7113de policycoreutils: sestatus: rewrite to shut up coverity
The code did:

len = strlen(string);
new_string = malloc(len);
strncpy(new_string, string, len - 1)

Which is perfectly legal, but it pissed off coverity because 99/100
times if you do new_string = malloc(strlen(string)) you are doing it
wrong (you didn't leave room for the nul).  I rewrote that area to just
use strdup and then to blank out the last character with a nul.  It's
clear what's going on and nothing looks 'tricky'.  It does cost us 1
byte of heap allocation.  I think we can live with that to have safer
looking string handling code.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:51 -05:00
Richard Haines
3e870d7c9b policycoreutils: sestatus: Updated sestatus and man pages.
sestatus has been modified to present additional information: SELinux root
directory, MLS flag and the deny_unknow flag. The man page has been updated
to reflect these changes and an sestatus.conf(5) man page has also been added.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Joshua Brindle
13cd4c8960 initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00