Tom London wrote:
> On 10/11/07, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>> On Thu, 2007-10-11 at 10:00 -0700, Tom London wrote:
>>> What is the 'approved' method for determining if SELinux is 'running',
>>> that is, active, and in either enforcing or permissive mode?
>>>
>>> If my feeble memory serves me, there used to be a 'isSELinux' or some
>>> such, but I can't seem to find this anymore.
>>>
>>> I'd like to modify some scripts to work both with and without SELinux
>>> active, e.g., vmware. It is currently testing against the contents of
>>> /selinux/enforce, but that does not seem right....
>> What kind of scripts? Python scripts can use the python bindings to
>> libselinux to directly invoke is_selinux_enabled(),
>> security_getenforce(), and/or selinux_getenforcemode().
>>
>> Shell scripts can execute selinuxenabled (as a boolean condition,
>> exiting with 0 for true and 1 for false, just like /bin/true
>> and /bin/false, for use in conditional statements - no output),
>> getenforce (displaying the Enforcing/Permissive/Disabled status as
>> output), or sestatus (displaying more information).
>>
> vmware, in particular, runs a shell script.
>
> Here was the 'before' test:
> if [ "`cat /selinux/enforce 2> /dev/null`" = "1" ]; then
>
> This had the (erroneous?) behavior of only executing the 'then' clause
> if SELinux is active and in enforcing mode. So permissive mode borks
> this.
>
> Here is how I changed it:
> if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then
>
> Seems to work (I booted w/ enforcing=0).....
>
> Any chance that selinuxenabled would get installed someplace else?
>
> tom

Not likely.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
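The check discussed in this thread, written out as an added example that is not part of any message above or of the vmware script: it combines `selinuxenabled` (active or not) with `getenforce` (which mode) so that permissive mode is not mistaken for "SELinux off". The function names, the directory search list and the `SELINUX_TOOL_DIRS` override are assumptions made for this sketch.

```shell
#!/bin/sh
# Print the SELinux state as one word: enforcing, permissive or disabled.
# SELINUX_TOOL_DIRS is a hypothetical override (not a libselinux setting) that
# lets the function be exercised against stub tools on a non-SELinux host.
selinux_mode() {
    _enabled="" _getenforce=""
    for _d in ${SELINUX_TOOL_DIRS:-/usr/sbin /sbin /usr/bin /bin}; do
        if [ -z "$_enabled" ] && [ -x "$_d/selinuxenabled" ]; then
            _enabled="$_d/selinuxenabled"
        fi
        if [ -z "$_getenforce" ] && [ -x "$_d/getenforce" ]; then
            _getenforce="$_d/getenforce"
        fi
    done
    # A missing binary or a non-zero exit both mean SELinux is not active.
    if [ -z "$_enabled" ] || ! "$_enabled"; then
        echo disabled
        return 0
    fi
    # Active: getenforce output separates enforcing from permissive.
    _out=""
    if [ -n "$_getenforce" ]; then
        _out=$("$_getenforce" 2>/dev/null) || _out=""
    fi
    case "$_out" in
        Enforcing)  echo enforcing ;;
        Permissive) echo permissive ;;
        Disabled)   echo disabled ;;
        *)          echo unknown; return 1 ;;
    esac
}

# True in both enforcing and permissive mode, unlike a test of
# /selinux/enforce = 1, which is only true when enforcing.
selinux_active() {
    case "$(selinux_mode)" in
        enforcing|permissive) return 0 ;;
        *) return 1 ;;
    esac
}

echo "SELinux mode: $(selinux_mode)"
```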