On Wed, Oct 7, 2020 at 9:07 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Wed, Oct 7, 2020 at 8:41 PM Olga Kornievskaia <aglo@xxxxxxxxx> wrote: > > Hi folks, > > > > From some linux kernel module, is it possible to query and find out > > whether or not selinux is currently enabled or not? > > > > Thank you. > > [NOTE: CC'ing the SELinux list as it's probably a bit more relevant > that the LSM list] > > In general most parts of the kernel shouldn't need to worry about what > LSMs are active and/or enabled; the simply interact with the LSM(s) > via the interfaces defined in include/linux/security.h (there are some > helpful comments in include/linux/lsm_hooks.h). Can you elaborate a > bit more on what you are trying to accomplish? Hi Paul, Thank you for the response. What I'm trying to accomplish is the following. Within a file system (NFS), typically any queries for security labels are triggered by the SElinux (or I guess an LSM in general) (thru the xattr_handler hooks). However, when the VFS is calling to get directory entries NFS will always get the labels (baring server not supporting it). However this is useless and affects performance (ie., this makes servers do extra work and adds to the network traffic) when selinux is disabled. It would be useful if NFS can check if there is anything that requires those labels, if SElinux is enabled or disabled. Thank you. > P.S. Go Blue :) Go Blue! :) > > -- > paul moore > www.paul-moore.com
