"sestatus -v" uses the /proc/$PID/exe symbolic link in order to find the context of processes present in /etc/sestatus.conf. For example, this file includes "/usr/sbin/sshd".

On Arch Linux, /bin, /sbin and /usr/sbin are symbolic links to /usr/bin, so the sshd process is seen as "/usr/bin/sshd" instead of "/usr/sbin/sshd". This causes "sestatus -v" to show nothing in "Process contexts:" for sshd, agetty, etc.

Use realpath() to resolve any symlink components in program paths defined in /etc/sestatus.conf. This makes "sestatus -v" show the expected result:

Process contexts:
Current context: sysadm_u:sysadm_r:sysadm_t
Init context: system_u:system_r:init_t
/sbin/agetty system_u:system_r:getty_t
/usr/sbin/sshd system_u:system_r:sshd_t

Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org>
--- policycoreutils/sestatus/sestatus.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c index b05e794cabe7..d7f198c2fa0d 100644 --- a/policycoreutils/sestatus/sestatus.c +++ b/policycoreutils/sestatus/sestatus.c @@ -61,6 +61,7 @@ int cmp_cmdline(const char *command, int pid) int pidof(const char *command) { /* inspired by killall5.c from psmisc */ + char stackpath[PATH_MAX + 1], *p; DIR *dir; struct dirent *de; int pid, ret = -1, self = getpid(); @@ -70,6 +71,11 @@ int pidof(const char *command) return -1; } + /* Resolve the path if it contains symbolic links */ + p = realpath(command, stackpath); + if (p) + command = p; + while ((de = readdir(dir)) != NULL) { errno = 0; pid = (int)strtol(de->d_name, (char **)NULL, 10); -- 2.17.0
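Review bot: the new declaration `char stackpath[PATH_MAX + 1], *p;` in the first hunk (pidof(), line 61 region) depends on PATH_MAX from <limits.h>, and the realpath() call it supports is declared in <stdlib.h>; the hunk does not show the include list, so please confirm both headers are already included in sestatus.c, otherwise the build breaks with an undeclared identifier. The buffer size itself is fine: realpath() with a caller-supplied buffer requires room for at least PATH_MAX bytes, which PATH_MAX + 1 satisfies.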
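Review bot: in the second hunk, `if (p) command = p;` silently keeps the unresolved path whenever realpath() fails, which is the right behaviour for an /etc/sestatus.conf entry whose program is not installed on the host (the lookup then simply finds no matching /proc/$PID/exe), but the comment above it only says "Resolve the path if it contains symbolic links"; extend it to state that failure falls back to the configured path, e.g. `/* Resolve symlinks; on failure keep the path as configured */`, so a later reader does not add error handling that would make sestatus abort for an absent program. The errno left behind by a failed realpath() is harmless here, since the loop below resets it with `errno = 0;` before each strtol().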