Hello Frank,

thank you for your reply.

> Jan,
>
> You might consider checking if the '/selinux/enforce' file exists and the
> file contains '1' (1 is enforcing). That would ensure that SELinux is enabled
> and enforcing the policy.

I intentionally wanted to avoid checking some explicit file location (due to the reason that the location would change - as it did already), and rather wanted to check the runtime kernel in the way libselinux is doing in init_selinuxmnt():

[1] https://android.googlesource.com/platform/external/libselinux/+/master/src/init.c

The test should check only if the current kernel has SELinux loaded - there will be a dedicated test for checking if SELinux is enforcing, due to reasons I will mention later.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

>
> Regards,
>
> Frank Caviggia
>
>
> On 10/04/2013 01:11 PM, Jan Lieskovsky wrote:
> >
> > Introduce new SELinux section of the guide and first rule
> > for it - check if SELinux is enabled in currently
> > booted kernel.
> >
> > Please review.
> >
> > Thank you && Regards, Jan.
> > --
> > Jan iankko Lieskovsky / Red Hat Security Technologies Team
>
> --
> Frank Caviggia
> Consultant, Public Sector [email protected] (M) (571) 295-4560

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
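Added example (not part of the original message and not libselinux code): a simplified C sketch of the runtime check discussed in this thread. It looks for selinuxfs in /proc/filesystems-format text to decide whether the kernel has SELinux loaded, and takes the mount point from /proc/mounts-format text instead of a fixed path. The function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs in /proc/filesystems and /proc/mounts format. */
static const char SAMPLE_FILESYSTEMS[] =
    "nodev\tsysfs\nnodev\tproc\nnodev\tselinuxfs\n\text4\n";
static const char SAMPLE_MOUNTS[] =
    "sysfs /sys sysfs rw,nosuid 0 0\n"
    "selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0\n"
    "/dev/sda1 / ext4 rw,seclabel 0 0\n";

/* 1 if selinuxfs is registered with the kernel (SELinux loaded), else 0.
 * Every line is "[nodev]<TAB><fstype><NEWLINE>", so match the whole field. */
static int selinuxfs_registered(const char *filesystems)
{
    return strstr(filesystems, "\tselinuxfs\n") != NULL;
}

/* Copy the selinuxfs mount point into out; 1 if found, 0 if not mounted.
 * No path is hard-coded: the location comes from the mount table. */
static int selinuxfs_mountpoint(const char *mounts, char *out, size_t outlen)
{
    for (const char *p = mounts; *p; ) {
        size_t len = strcspn(p, "\n");
        char line[512], mnt[256], type[64];
        if (len < sizeof(line)) {
            memcpy(line, p, len);
            line[len] = '\0';
            /* Fields: device, mount point, fs type, options, dump, pass. */
            if (sscanf(line, "%*s %255s %63s", mnt, type) == 2 &&
                strcmp(type, "selinuxfs") == 0 && strlen(mnt) < outlen) {
                strcpy(out, mnt);
                return 1;
            }
        }
        p += len + (p[len] == '\n');
    }
    return 0;
}

int main(void)
{
    char mnt[256] = "(not mounted)";
    selinuxfs_mountpoint(SAMPLE_MOUNTS, mnt, sizeof(mnt));
    printf("loaded=%d mount=%s\n", selinuxfs_registered(SAMPLE_FILESYSTEMS), mnt);
    return 0;
}
```

On a live system the same two functions would be fed the contents of /proc/filesystems and /proc/mounts; whether the policy is enforcing is a separate check, as the message above says.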
