Re: [systemd-devel] [PATCH] selinux: Only attempt to load policy exactly once, in the real root

On Thu, Feb 20, 2014 at 1:36 PM, Lennart Poettering <lennart@xxxxxxxxxxxxxx> wrote:
> On Thu, 20.02.14 18:17, Colin Walters (walters@xxxxxxxxxx) wrote:
>
> Hmm, maybe a simple check access("/etc/selinux/", F_OK) would be enough? There's no point in trying to initialize SELinux if that dir does not exist, right? Then we could simply bypass the whole thing...

Beyond what Eric said, I also think that libselinux should continue to contain all of the key logic for whether or not SELinux is enabled and how to behave.

The current *API* seems OK in having the two return values of an error code and an enforcing flag.

The only thing libselinux can't know is:
1) Whether we're inside an initramfs right now
2) Whether or not the OS vendor expects policy to be found in the real root or the initramfs

So those bits of logic make sense to me in systemd, although there is an argument for #2 living in libselinux.

