On Thu, 2007-10-11 at 10:00 -0700, Tom London wrote: > What is the 'approved' method for determining if SELinux is 'running', > that is, active, and in either enforcing or permissive mode? > > If my feeble memory serves me, there used to be a 'isSELinux' or some > such, but I can't seem to find this anymore. > > I'd like to modify some scripts to work both with and without SELinux > active, e.g., vmware. It is currently testing against the contents of > /selinux/enforce, but that does not seem right.... What kind of scripts? Python scripts can use the python bindings to libselinux to directly invoke is_selinux_enabled(), security_getenforce(), and/or selinux_getenforcemode(). Shell scripts can execute selinuxenabled (as a boolean condition, exiting with 0 for true and 1 for false, just like /bin/true and /bin/false, for use in conditional statements - no output), getenforce (displaying the Enforcing/Permissive/Disabled status as output), or sestatus (displaying more information). -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
