[v2,2/3] lib: Add tst_selinux_enforcing()

Message ID	20240320102204.475230-3-pvorel@suse.cz
State	Changes Requested
Headers	show Return-Path: <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it> From: Petr Vorel <pvorel@suse.cz> To: ltp@lists.linux.it Date: Wed, 20 Mar 2024 11:22:03 +0100 Message-ID: <20240320102204.475230-3-pvorel@suse.cz> In-Reply-To: <20240320102204.475230-1-pvorel@suse.cz> References: <20240320102204.475230-1-pvorel@suse.cz> MIME-Version: 1.0 Subject: [LTP] [PATCH v2 2/3] lib: Add tst_selinux_enforcing() Precedence: list Cc: Mete Durlu <meted@linux.ibm.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>
Series	fanotify14 on SELinux fix + lib source merge \| expand [v2,0/3] fanotify14 on SELinux fix + lib source merge [v2,1/3] lib: Merge security related sources [v2,2/3] lib: Add tst_selinux_enforcing() [v2,3/3] fanotify14: fix anonymous pipe testcases

Message ID

20240320102204.475230-3-pvorel@suse.cz

State

Changes Requested

Headers

From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Date: Wed, 20 Mar 2024 11:22:03 +0100
Message-ID: <20240320102204.475230-3-pvorel@suse.cz>
In-Reply-To: <20240320102204.475230-1-pvorel@suse.cz>
References: <20240320102204.475230-1-pvorel@suse.cz>
MIME-Version: 1.0
Subject: [LTP] [PATCH v2 2/3] lib: Add tst_selinux_enforcing()
Precedence: list
Cc: Mete Durlu <meted@linux.ibm.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it
Sender: "ltp" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>

Series

fanotify14 on SELinux fix + lib source merge | expand

Commit Message

Petr Vorel March 20, 2024, 10:22 a.m. UTC

Reviewed-by: Li Wang <liwang@redhat.com>
Co-developed-by: Mete Durlu <meted@linux.ibm.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
changes v1->v2:
* Add selinux to tst_security.c instead of it's own C file.

 include/tst_security.h |  1 +
 lib/tst_security.c     | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

Comments

Cyril Hrubis March 26, 2024, 10:26 a.m. UTC | #1

Hi!
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

diff --git a/include/tst_security.h b/include/tst_security.h
index 438b16dbb..5d91f8a98 100644
--- a/include/tst_security.h
+++ b/include/tst_security.h
@@ -13,5 +13,6 @@  int tst_fips_enabled(void);
 
 int tst_lockdown_enabled(void);
 int tst_secureboot_enabled(void);
+int tst_selinux_enforcing(void);
 
 #endif /* TST_SECURITY_H__ */
diff --git a/lib/tst_security.c b/lib/tst_security.c
index 0fc704dfa..7d929fafe 100644
--- a/lib/tst_security.c
+++ b/lib/tst_security.c
@@ -7,6 +7,7 @@ 
 
 #define PATH_FIPS	"/proc/sys/crypto/fips_enabled"
 #define PATH_LOCKDOWN	"/sys/kernel/security/lockdown"
+#define SELINUX_STATUS_PATH "/sys/fs/selinux/enforce"
 
 #if defined(__powerpc64__) || defined(__ppc64__)
 # define SECUREBOOT_VAR "/proc/device-tree/ibm,secure-boot"
@@ -16,6 +17,7 @@ 
 # define VAR_DATA_SIZE 5
 #endif
 
+#include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/mount.h>
@@ -30,11 +32,11 @@  int tst_fips_enabled(void)
 {
 	int fips = 0;
 
-	if (access(PATH_FIPS, R_OK) == 0) {
+	if (access(PATH_FIPS, R_OK) == 0)
 		SAFE_FILE_SCANF(PATH_FIPS, "%d", &fips);
-	}
 
 	tst_res(TINFO, "FIPS: %s", fips ? "on" : "off");
+
 	return fips;
 }
 
@@ -99,3 +101,15 @@  int tst_secureboot_enabled(void)
 	tst_res(TINFO, "SecureBoot: %s", data[VAR_DATA_SIZE - 1] ? "on" : "off");
 	return data[VAR_DATA_SIZE - 1];
 }
+
+int tst_selinux_enforcing(void)
+{
+	int res = 0;
+
+	if (access(SELINUX_STATUS_PATH, F_OK) == 0)
+		SAFE_FILE_SCANF(SELINUX_STATUS_PATH, "%d", &res);
+
+	tst_res(TINFO, "SELinux enforcing: %s", res ? "on" : "off");
+
+	return res;
+}

[v2,2/3] lib: Add tst_selinux_enforcing()

Commit Message

Comments

Patch