[LTP] [PATCH v2 2/3] lib: Add tst_selinux_enforcing()
Petr Vorel
pvorel@suse.cz
Wed Mar 20 11:22:03 CET 2024
Reviewed-by: Li Wang <liwang@redhat.com>
Co-developed-by: Mete Durlu <meted@linux.ibm.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
changes v1->v2:
* Add selinux to tst_security.c instead of it's own C file.
include/tst_security.h | 1 +
lib/tst_security.c | 18 ++++++++++++++++--
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/include/tst_security.h b/include/tst_security.h
index 438b16dbb..5d91f8a98 100644
--- a/include/tst_security.h
+++ b/include/tst_security.h
@@ -13,5 +13,6 @@ int tst_fips_enabled(void);
int tst_lockdown_enabled(void);
int tst_secureboot_enabled(void);
+int tst_selinux_enforcing(void);
#endif /* TST_SECURITY_H__ */
diff --git a/lib/tst_security.c b/lib/tst_security.c
index 0fc704dfa..7d929fafe 100644
--- a/lib/tst_security.c
+++ b/lib/tst_security.c
@@ -7,6 +7,7 @@
#define PATH_FIPS "/proc/sys/crypto/fips_enabled"
#define PATH_LOCKDOWN "/sys/kernel/security/lockdown"
+#define SELINUX_STATUS_PATH "/sys/fs/selinux/enforce"
#if defined(__powerpc64__) || defined(__ppc64__)
# define SECUREBOOT_VAR "/proc/device-tree/ibm,secure-boot"
@@ -16,6 +17,7 @@
# define VAR_DATA_SIZE 5
#endif
+#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
@@ -30,11 +32,11 @@ int tst_fips_enabled(void)
{
int fips = 0;
- if (access(PATH_FIPS, R_OK) == 0) {
+ if (access(PATH_FIPS, R_OK) == 0)
SAFE_FILE_SCANF(PATH_FIPS, "%d", &fips);
- }
tst_res(TINFO, "FIPS: %s", fips ? "on" : "off");
+
return fips;
}
@@ -99,3 +101,15 @@ int tst_secureboot_enabled(void)
tst_res(TINFO, "SecureBoot: %s", data[VAR_DATA_SIZE - 1] ? "on" : "off");
return data[VAR_DATA_SIZE - 1];
}
+
+int tst_selinux_enforcing(void)
+{
+ int res = 0;
+
+ if (access(SELINUX_STATUS_PATH, F_OK) == 0)
+ SAFE_FILE_SCANF(SELINUX_STATUS_PATH, "%d", &res);
+
+ tst_res(TINFO, "SELinux enforcing: %s", res ? "on" : "off");
+
+ return res;
+}
--
2.43.0
More information about the ltp
mailing list