On Tue, Mar 19, 2024 at 7:03 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>
> It would be very helpful if I could find documentation about, or even a
> list of, system services that have been enhanced in support of SELinux.
> I'm doing this as part of the LSM stacking effort, looking for things that
> may require additional work for the multiple LSM environment. I already
> know about systemd, dbus and the pam module.

(re-send in plaintext mode, with some additional info appended at the end)

There is an old list at
https://github.com/SELinuxProject/selinux/wiki/Userspace-Packages

But the only way to get an accurate up-to-date list is to use your
favorite package manager and ask it for the list of all packages that
depend on libselinux. That will be more than just services of course.
Technically that might not get all of them since some could just be
directly using the xattr system calls, the /proc/pid/attr interface,
and/or the /sys/fs/selinux interface without using the libselinux
wrappers.

Some SELinux-aware services besides the ones you listed above and not
in the original list on GitHub include nscd (part of glibc), sssd,
Xorg, PostgreSQL, libvirtd, all the modern cron variants, and various
container runtimes/daemons. The extent to which they use SELinux APIs
varies though, from those that are merely getting/setting SELinux
process or file contexts to full-fledged userspace object managers /
policy enforcers.

Then there is a completely different list for Android, but not sure
you care about it.
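
Added example, not part of the original message and not SELinux project code: a heuristic scan that covers the gap the reply points out, flagging ELF binaries that reference the xattr name, /proc/pid/attr or /sys/fs/selinux strings without linking libselinux. The function names, the string-matching approach and the sample byte strings are assumptions made for illustration.

```python
import os
import re
import sys

ELF_MAGIC = b"\x7fELF"
# Heuristic: the soname sits NUL-terminated in .dynstr when the binary links it.
LIBSELINUX = re.compile(rb"libselinux\.so(\.\d+)*\x00")
# Strings a binary needs in order to use the kernel interfaces directly.
DIRECT = {
    "procattr": re.compile(rb"/proc/[^\x00]{1,32}/attr/"),
    "selinuxfs": re.compile(rb"/sys/fs/selinux"),
    "xattr": re.compile(rb"security\.selinux"),
}

def classify(blob):
    """Report which SELinux interfaces an ELF image appears to reference."""
    if not blob.startswith(ELF_MAGIC):
        return {"elf": False, "libselinux": False, "direct": []}
    direct = sorted(name for name, rx in DIRECT.items() if rx.search(blob))
    return {"elf": True, "libselinux": bool(LIBSELINUX.search(blob)), "direct": direct}

def bypasses_wrappers(res):
    """True for binaries a libselinux dependency query would not list."""
    return res["elf"] and not res["libselinux"] and bool(res["direct"])

def scan(root):
    """Yield (path, result) for every SELinux-aware ELF file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    res = classify(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if res["libselinux"] or res["direct"]:
                yield path, res

# Constructed byte strings standing in for real binaries.
SAMPLE_LINKED = ELF_MAGIC + b"\x02\x01\x01\x00libc.so.6\x00libselinux.so.1\x00"
SAMPLE_DIRECT = ELF_MAGIC + b"\x02\x01\x01\x00/proc/self/attr/current\x00security.selinux\x00"

if __name__ == "__main__":
    for path, res in scan(sys.argv[1] if len(sys.argv) > 1 else "/usr/sbin"):
        tag = "DIRECT-ONLY" if bypasses_wrappers(res) else "libselinux"
        print(f"{tag:12} {path} {','.join(res['direct'])}")
```

Binaries that statically link libselinux also show up as DIRECT-ONLY, since the wrapper code carries the same interface strings; treat hits as candidates to review, not a definitive list.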