Show the current active checkreqprot state in sestatus
---
policycoreutils/sestatus/sestatus.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c
index 2111b15d..a461251d 100644
--- a/policycoreutils/sestatus/sestatus.c
+++ b/policycoreutils/sestatus/sestatus.c
@@ -330,6 +330,20 @@ int main(int argc, char **argv)
break;
}
+ printf_tab("Current checkreqprot mode:");
+ rc = security_get_checkreqprot();
+ switch (rc) {
+ case 0:
+ printf("Kernel preset\n");
+ break;
+ case 1:
+ printf("Application requested\n");
+ break;
+ default:
+ printf("error (%s)\n", strerror(errno));
+ break;
+ }
+
rc = security_policyvers();
printf_tab("Max kernel policy version:");
if (rc < 0)
--
2.11.0
