Le 08/11/15 23:13, Sandro Tosi a écrit :
On Sun, Nov 8, 2015 at 9:27 PM, Laurent Bigonville <bi...@debian.org> wrote:
On Fri, 2 Jan 2015 22:48:26 +0000 Sandro Tosi <mo...@debian.org> wrote:
Thanks for the reply!
Any progress on this?
I'm ok in running sestatus, but it seems this tool is only available
if you are using SELinux and thus u have installed the relative
binaries, is there a way to identify if SELinux is enabled without
using that tool?
But this might be a bit too verbose, and I'm not sure whether the
output is considered stable.
I think that would be an important part to clarify, eventually if
there is a parsable way to output this information; this will reduce
the maintenance cost on reportbug side.
An other tool which seem to have a stable output is
/usr/sbin/getenforce, it outputs either Disabled, Permissive or
Enforcing. But again this is a tool that is part of SELinux toolset
Like I said in my previous mail:
Or we we could also, if don't want to rely on any external tools do
the following I guess:
- Check /proc/mount to see whether a "selinuxfs" filesystem is mounted
that would indicate that selinux is at least enabled on the machine.
(The mountpoint can, by default, either /sys/fs/selinux or /selinux)
- Then a more granular status can be checked by looking in
<mount_point>/enforce, <mount_point>/mls, <mount_point>/deny_unknown.
The files contain 1/0 (true/false) to indicate whether SELinux is in
enforcing mode, using MLS or denying unknown access vectors.
This is basically what getenfoce utility (and libselinux) is doing
Reportbug-maint mailing list