ksysguardd: show Mandatory Access Control (SELinux/AppArmor) context
ClosedPublic

Authored by topimiettinen on Apr 26 2019, 9:53 PM.

Details

Summary

Collect and display Mandatory Access Control (SELinux/AppArmor) context info from /proc/PID/attr/current.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>

Diff Detail

Repository
R106 KSysguard
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
topimiettinen created this revision.Apr 26 2019, 9:53 PM
Restricted Application added a project: Plasma. · View Herald TranscriptApr 26 2019, 9:53 PM
Restricted Application added a subscriber: plasma-devel. · View Herald Transcript
topimiettinen requested review of this revision.Apr 26 2019, 9:53 PM

free strdup'ed string

avoid memory allocations and reuse existing validation function

Example output:

ksysguardd> ps?
Name        PID     PPID    UID     GID     Status  User Time       System Time     Nice    VmSize  VmRss   VmURss  Login   TracerPID       TTY     Command IO Priority Class       IO Priority     NNP     CGroup  SELinux Context
s       d       d       d       d       S       d       d       d       D       D       D       s       d       s       s       d       d       d       s       s
ksysguardd> ps
systemd     1       -1      0       0       sleeping        34      122     0       384076  14472   5044    root    -1              /usr/lib/systemd/systemd --switched-root --system --deserialize 32      0       0       0       /init.scope     system_u:system_r:init_t:s0
kwin_x11        1638    1618    1000    1000    running 384     252     0       3062496 105812  20668   topi    -1              /usr/bin/kwin_x11       0       0       0       /user.slice/user-1000.slice/session-2.scope     unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
davidedmundson accepted this revision.Apr 28 2019, 5:08 PM
davidedmundson added a subscriber: davidedmundson.

Out of curiosity, do you use the remote processlist?

This revision is now accepted and ready to land.Apr 28 2019, 5:08 PM
topimiettinen added a comment.EditedApr 28 2019, 6:48 PM

Out of curiosity, do you use the remote processlist?

No, but at first I thought ksysguardd was always used as a back end. It seems simple enough to be updated in sync with Qt version.

Could you also please review D20854, D20584 and D20786? They all are quite similar.

Like D20854, this should be also applicable to AppArmor.

Updated to reflect that this is also useful for AppArmor

topimiettinen retitled this revision from ProcessList: show SELinux context to ksysguardd: show Mandatory Access Control (SELinux/AppArmor) context.May 18 2019, 1:40 PM
topimiettinen edited the summary of this revision. (Show Details)
This revision was automatically updated to reflect the committed changes.