On 2/11/20 2:12 PM, Christian Göttsche wrote:
On Fri, Feb 7, 2020 at 18:51, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On 2/7/20 10:39 AM, Petr Lautrbach wrote:
Christian Göttsche <cgzones@xxxxxxxxxxxxxx> writes:
is_selinux_enabled() does never return -1, do not say so in the manpage.
I am having second thoughts about this:
With the current inaccurate documentation the worst effect is dead
error handlers in client code.
But when removed now, after a potential SELinux rework (either kernel
or userland) in some years it might be way harder to re-introduce
error checking in all client applications.
Looking around at callers via codesearch, I don't see any actual error
handlers for is_selinux_enabled() < 0. There is also inconsistent
handling of the < 0 case; some code handles it the same as 0 (disabled)
while other code handles any non-zero result as selinux-enabled.
Probably better to fix the man page and header.
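
An added example, not part of the thread or of libselinux: a small Python classifier illustrating the inconsistency noted above, showing how each caller idiom would branch if is_selinux_enabled() ever returned a negative value. The sample call sites, category names and helper functions are constructed for illustration.

```python
import re
from collections import Counter

# Constructed call sites for illustration; not taken from any real project.
SAMPLE = """\
if (is_selinux_enabled()) setup_labels();
if (is_selinux_enabled() > 0) setup_labels();
if (!is_selinux_enabled()) return 0;
if (is_selinux_enabled() < 0) die("selinux");
int rc = is_selinux_enabled();
if (is_selinux_enabled() == 1) setup_labels();
if (is_selinux_enabled() <= 0) return 0;
"""

CALL = re.compile(r"(?P<neg>!\s*)?\bis_selinux_enabled\s*\(\s*\)\s*"
                  r"(?:(?P<op>==|!=|<=|>=|<|>)\s*(?P<val>-?\d+))?")
OPS = {"==": int.__eq__, "!=": int.__ne__, "<": int.__lt__,
       "<=": int.__le__, ">": int.__gt__, ">=": int.__ge__}

def branch_taken(m, rc):
    """Evaluate the matched C condition for a hypothetical return value rc."""
    value = int(rc == 0) if m["neg"] else rc      # C: '!' binds tighter than the comparison
    if m["op"] is None:
        return value != 0                         # bare truthiness test
    return OPS[m["op"]](value, int(m["val"]))

def classify(line):
    """Say how one call site would treat a negative (error) return."""
    m = CALL.search(line)
    if m is None:
        return None
    if re.search(r"(?<![=!<>])=\s*$", line[:m.start()]):
        return "stored"                           # result assigned; needs manual review
    err, off, on = (branch_taken(m, rc) for rc in (-1, 0, 1))
    if off == on:
        return "error-handler" if err != off else "unclassified"
    return "error-as-disabled" if err == off else "error-as-enabled"

def audit(source):
    """Return (line number, category) for every line containing a call."""
    return [(n, classify(l)) for n, l in enumerate(source.splitlines(), 1) if classify(l)]

if __name__ == "__main__":
    for lineno, kind in audit(SAMPLE):
        print(f"{lineno}: {kind}")
    print(Counter(kind for _, kind in audit(SAMPLE)))
```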