Show the current active checkreqprot state in sestatus
---
 policycoreutils/sestatus/sestatus.8 | 2 ++
 policycoreutils/sestatus/sestatus.c | 14 ++++++++++++++
 2 files changed, 16 insertions(+)
diff --git a/policycoreutils/sestatus/sestatus.8 b/policycoreutils/sestatus/sestatus.8
index 51ff0566..a89c53fd 100644
--- a/policycoreutils/sestatus/sestatus.8
+++ b/policycoreutils/sestatus/sestatus.8
@@ -33,6 +33,8 @@ Policy MLS status: enabled
 .br
 Policy deny_unknown status: allow
 .br
+Memory protection checking: actual (secure)
+.br
 Max kernel policy version: 26
 .RE
 .sp
diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c
index 2111b15d..b05e794c 100644
--- a/policycoreutils/sestatus/sestatus.c
+++ b/policycoreutils/sestatus/sestatus.c
@@ -330,6 +330,20 @@ int main(int argc, char **argv)
 break;
 }
 
+ printf_tab("Memory protection checking:");
+ rc = security_get_checkreqprot();
+ switch (rc) {
+ case 0:
+ printf("actual (secure)\n");
+ break;
+ case 1:
+ printf("requested (insecure)\n");
+ break;
+ default:
+ printf("error (%s)\n", strerror(errno));
+ break;
+ }
+
 rc = security_policyvers();
 printf_tab("Max kernel policy version:");
 if (rc < 0)
-- 
2.11.0
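Review bot: The `default:` arm of the new switch in sestatus.c prints `strerror(errno)` for every return value other than 0 or 1, yet errno only describes a failure when `security_get_checkreqprot()` returned a negative value, so an unexpected non-negative result would be reported with a stale or unrelated error string. Splitting the arm keeps this security-relevant line trustworthy for anyone auditing a host: `default: if (rc < 0) printf("error (%s)\n", strerror(errno)); else printf("unknown (%d)\n", rc); break;`. A short comment above the switch would also document why one state is labelled insecure, e.g. `/* checkreqprot: 0 = check the protection the kernel actually applies, 1 = check only what the application requested */`. main() starts and ends outside the hunk, so whether errno is reset before the call cannot be confirmed from here.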