Add WARN message when LKRG can't enforce SELinux validation

This can happen when CONFIG_GCC_PLUGIN_RANDSTRUCT is used. Additionally,
this commit reorganizes the code to keep SELinux initialization together.
Adam_pi3 2021-03-21 00:46:01 +00:00
parent c1a87c3529
commit b9ff71131d
No known key found for this signature in database
GPG key ID: 7C0A38B52323F571


@ -2265,6 +2265,23 @@ int p_exploit_detection_init(void) {
goto p_exploit_detection_init_out;
}
#endif
// SELinux information
#ifdef P_SELINUX_VERIFY
if (p_selinux_state_init()) {
p_print_log(P_LKRG_ERR,
"ERROR: Can't initialize selinux :(\n");
p_ret = P_LKRG_GENERAL_ERROR;
goto p_exploit_detection_init_out;
}
#elif defined(CONFIG_GCC_PLUGIN_RANDSTRUCT)
p_print_log(P_LKRG_ERR, "LKRG can't enforce SELinux validation "
"(CONFIG_GCC_PLUGIN_RANDSTRUCT detected)\n");
#endif
#if (!defined(RHEL_RELEASE_CODE) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)) || \
(defined(RHEL_RELEASE_CODE) && RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 3))
p_ed_guard_globals.p_selinux.p_selinux_enabled = *P_SYM(p_selinux_enabled);
#endif
p_lkrg_counter_lock_init(&p_ed_guard_globals.p_selinux_lock);
#endif
if (p_init_rb_ed_pids()) {
@ -2277,23 +2294,6 @@ int p_exploit_detection_init(void) {
// Dump processes and threads
p_iterate_processes(p_dump_task_f,0x0);
#ifdef CONFIG_SECURITY_SELINUX
// SELinux information
#ifdef P_SELINUX_VERIFY
if (p_selinux_state_init()) {
p_print_log(P_LKRG_ERR,
"ERROR: Can't initialize selinux :(\n");
p_ret = P_LKRG_GENERAL_ERROR;
goto p_exploit_detection_init_out;
}
#endif
#if (!defined(RHEL_RELEASE_CODE) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)) || \
(defined(RHEL_RELEASE_CODE) && RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 3))
p_ed_guard_globals.p_selinux.p_selinux_enabled = *P_SYM(p_selinux_enabled);
#endif
p_lkrg_counter_lock_init(&p_ed_guard_globals.p_selinux_lock);
#endif
p_ret = P_LKRG_SUCCESS;
for (p_fh_it = p_functions_hooks_array; p_fh_it->name != NULL; p_fh_it++) {
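Review bot: The new `#elif defined(CONFIG_GCC_PLUGIN_RANDSTRUCT)` branch in the first hunk logs at `P_LKRG_ERR` with no severity prefix, although the commit title calls it a WARN and the neighbouring failure message starts with `ERROR:`. Initialization carries on after this line without calling `p_selinux_state_init()`, so this message is the only signal an operator gets that SELinux validation is inactive; it should be easy to match in logs, and its level should be a stated choice. Either add a comment such as `/* logged at ERR on purpose: SELinux validation is disabled for this build */` or, if a warning is intended, give the text a prefix, e.g. `"WARN: LKRG can't enforce SELinux validation "`. The branch also appears to stay silent when `P_SELINUX_VERIFY` is undefined for any reason other than RANDSTRUCT; its definition is not visible here, so this needs confirming. p_exploit_detection_init starts and ends outside both hunks.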