[PATCH 2/8] busybox -- libselinux utilities applets
Denis Vlasenko
vda.linux at googlemail.com
Fri Jan 26 23:54:34 UTC 2007
On Thursday 25 January 2007 15:44, KaiGai Kohei wrote:
> [2/8] busybox-libselinux-02-getenforce.patch
> getenforce - get the current mode of SELinux.
> SELinux has two mode. 'Enforcing' is the one, it enables
> mandatory access control based on the security policy.
> The other is 'Permissive' mode. It enables to evaluate
> security policy and output audit messages, if violated.
> But mandatory access control was not done. It was used
> to debug policy.
>
> Signed-off-by: Hiroshi Shinji <shiroshi at my.email.ne.jp>
> Signed-off-by: KaiGai Kohei <kaigai at kaigai.gr.jp>
>
> --
> KaiGai Kohei <kaigai at kaigai.gr.jp>
--- selinux/getenforce.c (revision 0)
+++ selinux/getenforce.c (revision 0)
@@ -0,0 +1,40 @@
+/*
+ * getenforce
+ *
+ * Based on libselinux 1.33.1
+ * Port to BusyBox Hiroshi Shinji <shiroshi at my.email.ne.jp>
+ *
+ */
+
+#include "busybox.h"
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int getenforce_main(int argc, char **argv)
+{
+ int rc;
+
+ rc = is_selinux_enabled();
+ if (rc < 0) {
+ bb_error_msg("is_selinux_enabled() failed");
+ return 2;
Will bb_error_msg_and_die work here?
+ }
+ if (rc == 1) {
+ rc = security_getenforce();
+ if (rc < 0) {
+ bb_error_msg("getenforce() failed");
+ return 2;
+ }
+
+ if (rc)
+ puts("Enforcing");
+ else
+ puts("Permissive");
+ } else {
+ puts("Disabled");
+ }
+
+ return 0;
+}
More information about the busybox
mailing list