diff options
| author | Topi Miettinen <toiwoton@gmail.com> | 2020-03-23 19:41:58 +0300 |
|---|---|---|
| committer | Topi Miettinen <toiwoton@gmail.com> | 2020-03-23 19:44:21 +0300 |
| commit | e09fe98b893dc69ac5fad65829c8b0c52f232f98 (patch) | |
| tree | 9837c3f53fcbd658953b96dc4bfa107a761053c6 /include/tests_mac_frameworks | |
| parent | 7bba7bd4af22a959a1a058e76bb4689f748491a6 (diff) | |
Enhance TOMOYO Linux check
Count and log unconfined processes, which are not using policy
profile 3.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Diffstat (limited to 'include/tests_mac_frameworks')
| -rw-r--r-- | include/tests_mac_frameworks | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/tests_mac_frameworks b/include/tests_mac_frameworks index 94f2065d..3f23c77e 100644 --- a/include/tests_mac_frameworks +++ b/include/tests_mac_frameworks @@ -206,6 +206,13 @@ LogText "Result: TOMOYO Linux is enabled" Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_ENABLED}" --color GREEN Report "tomoyo_enabled=1" + if [ ! -z ${TOMOYOPSTREEBINARY} ]; then + NUNCONFINED=$(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^ 3 ' | ${WCBINARY} --lines) + Display --indent 8 --text "Found ${NUNCONFINED} unconfined (not profile 3) processes" + for PROCESS in $(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^ 3 ' | ${SEDBINARY} -e 's/+-//g' -e 's/^ *//g' -e 's/ \+/:/g' | ${SORTBINARY}); do + LogText "Result: Unconfined process: ${PROCESS}" + done + fi AddHP 3 3 else LogText "Result: TOMOYO Linux is disabled" |