"sestatus -v" uses the /proc/$PID/exe symbolic link in order to find the
context of the processes listed in /etc/sestatus.conf. For example, this
file includes "/usr/sbin/sshd".
On Arch Linux, /bin, /sbin and /usr/sbin are symbolic links to /usr/bin,
so the sshd process is seen as "/usr/bin/sshd" instead of "/usr/sbin/sshd".
This causes "sestatus -v" to show nothing in "Process contexts:" for
sshd, agetty, etc.
Use realpath() to resolve any symlink components in program paths
defined in /etc/sestatus.conf. This makes "sestatus -v" show the
expected result:
Process contexts:
Current context: sysadm_u:sysadm_r:sysadm_t
Init context: system_u:system_r:init_t
/sbin/agetty system_u:system_r:getty_t
/usr/sbin/sshd system_u:system_r:sshd_t
Signed-off-by: Nicolas Iooss <[email protected]>
---
policycoreutils/sestatus/sestatus.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/policycoreutils/sestatus/sestatus.c
b/policycoreutils/sestatus/sestatus.c
index b05e794cabe7..d7f198c2fa0d 100644
--- a/policycoreutils/sestatus/sestatus.c
+++ b/policycoreutils/sestatus/sestatus.c
@@ -61,6 +61,7 @@ int cmp_cmdline(const char *command, int pid)
int pidof(const char *command)
{
/* inspired by killall5.c from psmisc */
+ char stackpath[PATH_MAX + 1], *p;
DIR *dir;
struct dirent *de;
int pid, ret = -1, self = getpid();
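Review bot: the new `char stackpath[PATH_MAX + 1], *p;` declaration makes pidof() depend on PATH_MAX being defined, and the hunk does not show whether sestatus.c already includes <limits.h> (realpath() itself needs <stdlib.h>); please confirm both includes are present or add them in this patch. A way to avoid the PATH_MAX dependency entirely is realpath(command, NULL), which returns a malloc()ed buffer that pidof() would free() before returning, at the cost of one allocation per lookup.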
@@ -70,6 +71,11 @@ int pidof(const char *command)
return -1;
}
+ /* Resolve the path if it contains symbolic links */
+ p = realpath(command, stackpath);
+ if (p)
+ command = p;
+
while ((de = readdir(dir)) != NULL) {
errno = 0;
pid = (int)strtol(de->d_name, (char **)NULL, 10);
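Review bot: the comment "Resolve the path if it contains symbolic links" undersells what the `p = realpath(command, stackpath); if (p) command = p;` sequence does: realpath() also fails (returning NULL with errno set) when the program named in /etc/sestatus.conf does not exist on this host, in which case the original, unresolved path is kept and the /proc scan proceeds as before. That fallback is the right behaviour, since entries for uninstalled programs must not abort the scan, but it deserves a sentence in the comment so a later reader does not "fix" the ignored error. Also note that errno left behind by a failed realpath() is harmless here only because the loop body starts with `errno = 0;`.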
--
2.17.0