Re: How to test if SELinux is 'running'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2007-10-11 at 10:00 -0700, Tom London wrote:
> What is the 'approved' method for determining if SELinux is 'running',
> that is, active, and in either enforcing or permissive mode?
> 
> If my feeble memory serves me, there used to be a 'isSELinux' or some
> such, but I can't seem to find this anymore.
> 
> I'd like to modify some scripts to work both with and without SELinux
> active, e.g., vmware.  It is currently testing against the contents of
> /selinux/enforce, but that does not seem right....

What kind of scripts?  Python scripts can use the python bindings to
libselinux to directly invoke is_selinux_enabled(),
security_getenforce(), and/or selinux_getenforcemode().

Shell scripts can execute selinuxenabled (as a boolean condition,
exiting with 0 for true and 1 for false, just like /bin/true
and /bin/false, for use in conditional statements - no output),
getenforce (displaying the Enforcing/Permissive/Disabled status as
output), or sestatus (displaying more information).

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux