helpers/osinfo: add security lockdown type detection
This allows users to check the '/sys/kernel/security/lockdown' status.
rafaeldtinoco authored and Rafael David Tinoco committed Jan 10, 2022
1 parent b168808 commit bb3b47e
Showing 1 changed file with 44 additions and 0 deletions.
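--- a/helpers/osinfo.go
+++ b/helpers/osinfo.go
@@ -242,3 +242,47 @@ func FtraceEnabled() (bool, error) {
 }
 return b[0] == '1', nil
 }
+
+type LockdownMode int32
+
+func (l LockdownMode) String() string {
+return lockdownModeToString[l]
+}
+
+const (
+NOVALUE LockdownMode = iota
+NONE
+INTEGRITY
+CONFIDENTIALITY
+)
+
+var stringToLockdownMode = map[string]LockdownMode{
+"none": NONE,
+"integrity": INTEGRITY,
+"confidentiality": CONFIDENTIALITY,
+}
+
+var lockdownModeToString = map[LockdownMode]string{
+NONE: "none",
+INTEGRITY: "integrity",
+CONFIDENTIALITY: "confidentiality",
+}
+
+func Lockdown() (LockdownMode, error) {
+LockdownFile := "/sys/kernel/security/lockdown"
+data, err := os.ReadFile(LockdownFile)
+if err != nil {
+return NOVALUE, err
+}
+
+dataString := string(data[:])
+
+for lockString, lockMode := range stringToLockdownMode {
+tempString := fmt.Sprintf("[%s]", lockString)
+if strings.Contains(dataString, tempString) {
+return lockMode, nil
+}
+}
+
+return NOVALUE, fmt.Errorf("could not get lockdown mode")
+}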
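Review bot: Lockdown() returns NOVALUE for two situations that a caller making a security decision needs to tell apart: the read of the lockdown file failed (presumably also the case on a kernel without the lockdown LSM or without securityfs mounted), and the file was read but no bracketed mode matched. The final error would be easier to act on as `return NOVALUE, fmt.Errorf("could not parse lockdown mode from %s: %q", LockdownFile, dataString)`. The exported function also has no doc comment; something like `// Lockdown reports the active kernel lockdown mode; on any error it returns NOVALUE, which callers must not treat as NONE.` would state the contract. Separately, `String()` yields an empty string for NOVALUE because lockdownModeToString has no entry for it, so an unknown mode is logged as nothing; adding `NOVALUE: "novalue",` to that map (the label is only a suggestion) would make it visible.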
