diff --git a/include/binaries b/include/binaries index 8b754146..eec0fe56 100644 --- a/include/binaries +++ b/include/binaries @@ -278,6 +278,7 @@ tail) TAILBINARY="${BINARY}"; LogText " Found known binary: tail (text filter) - ${BINARY}" ;; timedatectl) TIMEDATECTL="${BINARY}"; LogText " Found known binary: timedatectl (timedate client) - ${BINARY}" ;; tomoyo-init) TOMOYOINITBINARY=${BINARY}; LogText " Found known binary: tomoyo-init (tomoyo component) - ${BINARY}" ;; + tomoyo-pstree) TOMOYOPSTREEBINARY=${BINARY}; LogText " Found known binary: tomoyo-pstree (tomoyo process tree) - ${BINARY}" ;; tr) TRBINARY="${BINARY}"; LogText " Found known binary: tr (text transformation) - ${BINARY}" ;; tripwire) TRIPWIREBINARY="${BINARY}"; LogText " Found known binary: tripwire (file integrity) - ${BINARY}" ;; tune2fs) TUNE2FSBINARY="${BINARY}"; LogText " Found known binary: tune2fs (file system tool) - ${BINARY}" ;; diff --git a/include/tests_mac_frameworks b/include/tests_mac_frameworks index 94f2065d..3f23c77e 100644 --- a/include/tests_mac_frameworks +++ b/include/tests_mac_frameworks @@ -206,6 +206,13 @@ LogText "Result: TOMOYO Linux is enabled" Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_ENABLED}" --color GREEN Report "tomoyo_enabled=1" + if [ ! -z ${TOMOYOPSTREEBINARY} ]; then + NUNCONFINED=$(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^ 3 ' | ${WCBINARY} --lines) + Display --indent 8 --text "Found ${NUNCONFINED} unconfined (not profile 3) processes" + for PROCESS in $(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^ 3 ' | ${SEDBINARY} -e 's/+-//g' -e 's/^ *//g' -e 's/ \+/:/g' | ${SORTBINARY}); do + LogText "Result: Unconfined process: ${PROCESS}" + done + fi AddHP 3 3 else LogText "Result: TOMOYO Linux is disabled"