Re: selinux: how to query if selinux is enabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Oct 7, 2020 at 9:07 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> On Wed, Oct 7, 2020 at 8:41 PM Olga Kornievskaia <aglo@xxxxxxxxx> wrote:
> > Hi folks,
> >
> > From some linux kernel module, is it possible to query and find out
> > whether or not selinux is currently enabled or not?
> >
> > Thank you.
>
> [NOTE: CC'ing the SELinux list as it's probably a bit more relevant
> that the LSM list]
>
> In general most parts of the kernel shouldn't need to worry about what
> LSMs are active and/or enabled; the simply interact with the LSM(s)
> via the interfaces defined in include/linux/security.h (there are some
> helpful comments in include/linux/lsm_hooks.h).  Can you elaborate a
> bit more on what you are trying to accomplish?

Hi Paul,

Thank you for the response. What I'm trying to accomplish is the
following. Within a file system (NFS), typically any queries for
security labels are triggered by the SElinux (or I guess an LSM in
general) (thru the xattr_handler hooks). However, when the VFS is
calling to get directory entries NFS will always get the labels
(baring server not supporting it). However this is useless and affects
performance (ie., this makes servers do extra work  and adds to the
network traffic) when selinux is disabled. It would be useful if NFS
can check if there is anything that requires those labels, if SElinux
is enabled or disabled.

Thank you.

> P.S. Go Blue :)

Go Blue! :)

>
> --
> paul moore
> www.paul-moore.com



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux