Re: Determining if SELinux is installed

[Daniel J Walsh <dwalsh@xxxxxxxxxx>]

Scott Cain wrote:

> On Tue, 2005-02-15 at 12:13 -0500, Daniel J Walsh wrote:
>  
>
> > Why can't you fully path it?  Just checking if the /proc/filesystem 
> > exists is not sufficient, if the user has disabled
> > SELinux via /etc/selinux/config instead of selinux=0, I think.  
> > selinuxenabled also checks to see if a policy has been
> > loaded.
> >
> > I would do the equivalent of
> >
> > [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled
> >
> > in perl.
> >
> >
> > Dan
> >    
> Hi Dan,
>
> I don't particularly like giving the full path to something for exactly
> a reason that Stephen gave: it used to be in /usr/bin, now it's
> in /usr/sbin, next, some genius will move it to /usr/libexec (or similar
> foolishness).  If I can't count on it being in the users path, I don't
> want it.  Otherwise, I'll always have a potential failure point if
> selinuxenabled is moved in some other distro.
>
> Also, at the moment, the installer isn't going to do anything tricky.
> If it detects that SELinux is installed (or might be), it will die with
> a warning message telling the user what to do.  To get past that point,
> the user will have to pass in a flag on the command line telling the
> installer that all is well.
>
> The "what to do" at this point is: make sure the policies are up to
> date, and then disable everything for httpd, or run in permissive mode,
> or disable it altogether.
>
> Scott
>
>  
Another option would be to execute something like
id -Z
I don't have a non SELinux machine right now to know if that exits 
non-zero.  But it reports that SELinux is not enabled.
selinuxenabled was not considered a userspace tool that is why it was 
moved along with a lot of other helper tools.

Dan

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.