On 1/10/20 9:15 AM, Christian Göttsche wrote:
---
 libselinux/utils/.gitignore | 1 +
 libselinux/utils/polcap_enabled.c | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 libselinux/utils/polcap_enabled.c

diff --git a/libselinux/utils/.gitignore b/libselinux/utils/.gitignore
index 3ef34374..bfe1db4d 100644
--- a/libselinux/utils/.gitignore
+++ b/libselinux/utils/.gitignore
@@ -12,6 +12,7 @@ getpidcon
 getsebool
 getseuser
 matchpathcon
+polcap_enabled
 policyvers
 sefcontext_compile
 selabel_digest
diff --git a/libselinux/utils/polcap_enabled.c b/libselinux/utils/polcap_enabled.c
new file mode 100644
index 00000000..e984d1e4
--- /dev/null
+++ b/libselinux/utils/polcap_enabled.c
@@ -0,0 +1,30 @@
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ int ret;
+
+ if (argc != 2) {
+ printf("usage: %s polcap_name\n", argv[0]);
+ return 1;
+ }
+
+ ret = security_is_policy_capability_enabled(argv[1]);
+
+ if (ret == 1)
+ printf("enabled\n");
+ else if (ret == 0)
+ printf("disabled\n");
+ else if (errno == ENOTSUP)
+ printf("not supported\n");
+ else {
+ printf("error (%d): %s\n", errno, strerror(errno));
+ return 1;
+ }
+
+ return 0;
+}
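Review bot: The `not supported` branch in main() falls through to `return 0`, so a caller that tests only the exit status cannot tell an unsupported capability from a successful enabled/disabled query; giving that branch braces and a distinct status, e.g. `printf("not supported\n"); return 2;`, would make the difference visible to scripts. The usage and error messages are also written to stdout, where a script capturing the output would read them as a result; `fprintf(stderr, "error (%d): %s\n", errno, strerror(errno));` keeps diagnostics separate from the answer. The negative-return path reads errno without clearing it first, which presumably relies on security_is_policy_capability_enabled() always setting errno on failure; its body is not in this hunk, so either confirm that contract or add `errno = 0;` before the call.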
For new libselinux utilities, let's try to use some kind of unique prefix to help avoid collisions for distros that install these programs. selinux_ should be fine.