selinux/policycoreutils/sestatus
Nicolas Iooss 0f99a3126c sestatus: resolve symlinks in path when looking for a process
"sestatus -v" uses /proc/$PID/exe symbolic link in order to find the
context of processes present in /etc/sestatus.conf. For example, this
file includes "/usr/sbin/sshd".

On Arch Linux, /bin, /sbin and /usr/sbin are symbolic links to /usr/bin,
so sshd process is seen as "/usr/bin/sshd" instead of "/usr/sbin/sshd".
This causes "sestatus -v" to show nothing in "Process contexts:" for
sshd, agetty, etc.

Use realpath() to resolve any symlink components in program paths
defined in /etc/sestatus.conf. This makes "sestatus -v" show the
expected result:

    Process contexts:
    Current context:                sysadm_u:sysadm_r:sysadm_t
    Init context:                   system_u:system_r:init_t
    /sbin/agetty                    system_u:system_r:getty_t
    /usr/sbin/sshd                  system_u:system_r:sshd_t

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-04-25 10:09:13 -07:00
..
Makefile policycoreutils: build: follow standard semantics for DESTDIR and PREFIX 2018-02-14 20:02:01 +01:00
sestatus.8 sestatus: show checkreqprot status 2017-05-08 12:44:12 -04:00
sestatus.c sestatus: resolve symlinks in path when looking for a process 2018-04-25 10:09:13 -07:00
sestatus.conf initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
sestatus.conf.5 policycoreutils: Fix cases where hyphen were used as minus sign in manpages 2013-10-16 15:12:10 -04:00