condition: detect TOMOYO MAC (#7249)
TOMOYO is a Mandatory Access Control security module for Linux. Rather than ship rules, TOMOYO features a learning mode. http://tomoyo.osdn.jp/ http://tomoyo.osdn.jp/2.5/index.html.en
parent
4b742c8acd
commit
ed440f6be9
@ -952,6 +952,7 @@
|
||||
system. Currently, the recognized values are
|
||||
<varname>selinux</varname>,
|
||||
<varname>apparmor</varname>,
|
||||
<varname>tomoyo</varname>,
|
||||
<varname>ima</varname>,
|
||||
<varname>smack</varname> and
|
||||
<varname>audit</varname>. The test may be negated by
|
||||
|
@ -54,6 +54,7 @@
|
||||
#include "stat-util.h"
|
||||
#include "string-table.h"
|
||||
#include "string-util.h"
|
||||
#include "tomoyo-util.h"
|
||||
#include "user-util.h"
|
||||
#include "util.h"
|
||||
#include "virt.h"
|
||||
@ -301,6 +302,8 @@ static int condition_test_security(Condition *c) {
|
||||
return use_audit();
|
||||
if (streq(c->parameter, "ima"))
|
||||
return use_ima();
|
||||
if (streq(c->parameter, "tomoyo"))
|
||||
return mac_tomoyo_use();
|
||||
|
||||
return false;
|
||||
}
|
||||
|
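Review bot: The new `tomoyo` branch of condition_test_security() returns whatever mac_tomoyo_use() reports, and the commit message itself says TOMOYO has a learning mode, so a true result presumably does not mean any policy is being enforced. Units that use `ConditionSecurity=tomoyo` as a security gate would benefit from having that spelled out; I would add a comment above the branch such as `/* True when TOMOYO's securityfs interface is present; says nothing about whether any domain is in enforcing mode */`. The function starts outside this hunk, so whether the other branches carry the same caveat is not visible here.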
@ -88,6 +88,8 @@ shared_sources = '''
|
||||
sysctl-util.h
|
||||
tests.c
|
||||
tests.h
|
||||
tomoyo-util.c
|
||||
tomoyo-util.h
|
||||
udev-util.h
|
||||
udev-util.c
|
||||
uid-range.c
|
||||
|
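--- /dev/null
+++ b/src/shared/tomoyo-util.c
@@ -0,0 +1,32 @@
+/***
+This file is part of systemd.
+
+Copyright 2017 Shawn Landden
+
+systemd is free software; you can redistribute it and/or modify it
+under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; either version 2.1 of the License, or
+(at your option) any later version.
+
+systemd is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <unistd.h>
+
+#include "tomoyo-util.h"
+
+bool mac_tomoyo_use(void) {
+static int cached_use = -1;
+
+if (cached_use < 0)
+cached_use = (access("/sys/kernel/security/tomoyo/version",
+F_OK) == 0);
+
+return cached_use;
+}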
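Review bot: In mac_tomoyo_use() every failure of `access()` is treated as "TOMOYO absent" and cached for the life of the process, so a transient or unrelated error (securityfs not mounted yet, EACCES) would permanently turn `ConditionSecurity=tomoyo` false and `ConditionSecurity=!tomoyo` true. I would cache only a definite answer and surface anything else, e.g. `if (r < 0 && errno != ENOENT) { log_debug_errno(errno, "Failed to check for TOMOYO: %m"); return false; }` before the assignment. The function also has no comment explaining why the existence of the `version` file is taken as the signal; a one-line comment stating that would help. Whether callers can reach this before securityfs is mounted is not visible on this page.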
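--- /dev/null
+++ b/src/shared/tomoyo-util.h
@@ -0,0 +1,24 @@
+#pragma once
+
+/***
+This file is part of systemd.
+
+Copyright 2017 Shawn Landden
+
+systemd is free software; you can redistribute it and/or modify it
+under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; either version 2.1 of the License, or
+(at your option) any later version.
+
+systemd is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+bool mac_tomoyo_use(void);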