sestatus: show checkreqprot status

Show the current active checkreqprot state in sestatus
2025-02-13 07:37:03 +00:00 · 2017-05-06 15:08:48 +02:00 · 2017-05-06 15:08:48 +02:00 · 3376ac498e
commit 3376ac498e
parent d1ff68ffee
2 changed files with 16 additions and 0 deletions
--- a/policycoreutils/sestatus/sestatus.8
+++ b/policycoreutils/sestatus/sestatus.8
@ -33,6 +33,8 @@ Policy MLS status:           enabled
 .br
 Policy deny_unknown status:  allow
 .br
+Memory protection checking:  actual (secure)
+.br
 Max kernel policy version:   26
 .RE
 .sp
--- a/policycoreutils/sestatus/sestatus.c
+++ b/policycoreutils/sestatus/sestatus.c
@ -330,6 +330,20 @@ int main(int argc, char **argv)
 			break;
 	}

+	printf_tab("Memory protection checking:");
+	rc = security_get_checkreqprot();
+	switch (rc) {
+		case 0:
+			printf("actual (secure)\n");
+			break;
+		case 1:
+			printf("requested (insecure)\n");
+			break;
+		default:
+			printf("error (%s)\n", strerror(errno));
+			break;
+	}
+
 	rc = security_policyvers();
 	printf_tab("Max kernel policy version:");
 	if (rc < 0)