List: busybox
Subject: Re: [PATCH 2/8] busybox -- libselinux utilities applets
From: KaiGai Kohei <kaigai () kaigai ! gr ! jp>
Date: 2007-01-29 13:47:24
Message-ID: 45BDFAEC.2050500 () kaigai ! gr ! jp
Denis, Thanks for your comments.
The attached patch uses bb_error_msg_and_die() instead of bb_error_msg()
and error exit, and removes redundant headers.
Thanks,
Denis Vlasenko wrote:
> On Thursday 25 January 2007 15:44, KaiGai Kohei wrote:
>> [2/8] busybox-libselinux-02-getenforce.patch
>> getenforce - get the current mode of SELinux.
>> SELinux has two modes. 'Enforcing' is the one, it enables
>> mandatory access control based on the security policy.
>> The other is 'Permissive' mode. It enables to evaluate
>> security policy and output audit messages, if violated.
>> But mandatory access control was not done. It was used
>> to debug policy.
>>
>> Signed-off-by: Hiroshi Shinji <shiroshi@my.email.ne.jp>
>> Signed-off-by: KaiGai Kohei <kaigai@kaigai.gr.jp>
>>
>> --
>> KaiGai Kohei <kaigai@kaigai.gr.jp>
>
> --- selinux/getenforce.c (revision 0)
> +++ selinux/getenforce.c (revision 0)
> @@ -0,0 +1,40 @@
> +/*
> + * getenforce
> + *
> + * Based on libselinux 1.33.1
> + * Port to BusyBox Hiroshi Shinji <shiroshi@my.email.ne.jp>
> + *
> + */
> +
> +#include "busybox.h"
> +#include <unistd.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <selinux/selinux.h>
> +
> +int getenforce_main(int argc, char **argv)
> +{
> + int rc;
> +
> + rc = is_selinux_enabled();
> + if (rc < 0) {
> + bb_error_msg("is_selinux_enabled() failed");
> + return 2;
>
> Will bb_error_msg_and_die work here?
>
> + }
> + if (rc == 1) {
> + rc = security_getenforce();
> + if (rc < 0) {
> + bb_error_msg("getenforce() failed");
> + return 2;
> + }
> +
> + if (rc)
> + puts("Enforcing");
> + else
> + puts("Permissive");
> + } else {
> + puts("Disabled");
> + }
> +
> + return 0;
> +}
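Review bot: the message in the security_getenforce() failure branch reads "getenforce() failed", which names a function other than the one called; "security_getenforce() failed" would point the reader at the right libselinux call. Neither error path reports errno, so a perror-style call such as bb_perror_msg() would say why the query failed rather than only that it did.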
>
>
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
["busybox-libselinux-02-getenforce.v2.patch" (text/x-patch)]
Index: selinux/getenforce.c
===================================================================
--- selinux/getenforce.c (revision 0)
+++ selinux/getenforce.c (revision 0)
@@ -0,0 +1,34 @@
+/*
+ * getenforce
+ *
+ * Based on libselinux 1.33.1
+ * Port to BusyBox Hiroshi Shinji <shiroshi@my.email.ne.jp>
+ *
+ */
+
+#include "busybox.h"
+#include <selinux/selinux.h>
+
+int getenforce_main(int argc, char **argv)
+{
+ int rc;
+
+ rc = is_selinux_enabled();
+ if (rc < 0)
+ bb_error_msg_and_die("is_selinux_enabled() failed");
+
+ if (rc == 1) {
+ rc = security_getenforce();
+ if (rc < 0)
+ bb_error_msg_and_die("getenforce() failed");
+
+ if (rc)
+ puts("Enforcing");
+ else
+ puts("Permissive");
+ } else {
+ puts("Disabled");
+ }
+
+ return 0;
+}
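Review bot: both rc < 0 branches drop the explicit return 2 that the previous version had, so the failure exit status is now whatever bb_error_msg_and_die() exits with, which is not visible in this patch. Scripts that gate on getenforce need a failure status they can tell apart from a printed mode, so state the intended value in the commit message or set it explicitly before these calls. argc and argv are also unused in getenforce_main().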
_______________________________________________
busybox mailing list
busybox@busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox