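class TestNoKernelT(TestBase):
    """
    Test for processes running in system_u:system_r:kernel_t

    This type should only be used by kernel processes, which are detected by
    not having any maps.
    """
    # Not sure if this test actually helps when the init test succeeded.
    # But it doesn't harm either

    class ErrorBadKernelProcesses(ErrorBase):
        """Error returned when processes with memory maps run in kernel_t."""

        def __init__(self, badprocs):
            # badprocs: list of PID strings taken from the /proc/<pid> paths.
            self.badprocs = badprocs

        def __str__(self):
            return "There were %d processes found running in the kernel domain." \
                % len(self.badprocs)

    @staticmethod
    def test():
        """Return a list of errors for userspace processes labelled kernel_t.

        Runs ``getfilecon`` over every ``/proc/<pid>`` directory and, for each
        entry whose context contains ``system_r:kernel_t``, reads
        ``/proc/<pid>/maps``.  A non-empty maps file marks the process as bad.

        Returns:
            ``[ErrorBadKernelProcesses(pids)]`` when at least one such process
            was found, otherwise ``[]``.

        Raises:
            IOError / OSError: when a maps file cannot be read although the
            process still exists (for example, insufficient privileges).
        """
        import os
        import subprocess

        badprocs = []

        # os.popen2 was removed in Python 3; subprocess behaves the same here.
        # The command is a fixed literal (the shell is only needed to expand
        # the glob), so no external input reaches the shell.
        # NOTE(review): getfilecon is resolved through PATH; if this check runs
        # privileged, confirm PATH is trusted or switch to an absolute path.
        proc = subprocess.Popen(
            "getfilecon /proc/[0-9]*",
            shell=True,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            universal_newlines=True
        )
        proc.stdin.close()
        try:
            lines = proc.stdout.readlines()
        finally:
            # Always release the pipe and reap the child, even on a read error.
            proc.stdout.close()
            proc.wait()

        # NOTE(review): if getfilecon is missing or prints nothing, `lines` is
        # empty and the test passes silently; callers may want to treat "no
        # output at all" as inconclusive rather than as success.
        for line in lines:
            fields = line.split()
            if len(fields) != 2:
                # Not a "<path> <context>" line; ignore instead of crashing.
                continue
            path, context = fields
            if "system_r:kernel_t" not in context:
                continue
            pid = path.split("/")[-1]

            # The label was sampled earlier than this read, so the process may
            # have exited in between (or the PID may have been reused).  A
            # vanished process is skipped; any other failure is re-raised so
            # that an unreadable maps file is never counted as "no maps".
            try:
                maps = open("/proc/%s/maps" % pid)
                try:
                    has_maps = bool(maps.readlines())
                finally:
                    maps.close()
            except (IOError, OSError):
                if not os.path.exists("/proc/%s" % pid):
                    continue
                raise

            if has_maps:
                badprocs.append(pid)

        if badprocs:
            return [TestNoKernelT.ErrorBadKernelProcesses(badprocs)]
        return []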
# Pass the test class to register_test (defined outside this listing);
# presumably this adds it to the set of checks that get run — confirm there.
register_test(TestNoKernelT)