What is the best way to find out (in a script) whether SElinux is used?
Aleksey Nogin
aleksey at nogin.org
Fri Mar 19 10:08:44 UTC 2004
I want to have a script that acts slightly differently depending on
whether SELinux is being used or not. What is the best way to do it?
My initial attempts to use "-e /etc/security/selinux" or "-e
/selinux/enforce" all create log messages:
audit(1079689937.170:0): avc: denied { getattr } for pid=2662
exe=/bin/bash path=/etc/security/selinux dev=hda2 ino=3712021
scontext=aleksey:staff_r:staff_t
tcontext=system_u:object_r:policy_config_t tclass=dir
audit(1079690744.526:0): avc: denied { getattr } for pid=3577
exe=/bin/bash path=/selinux/enforce dev= ino=4
scontext=aleksey:staff_r:staff_t tcontext=system_u:object_r:security_t
tclass=file
--
Aleksey Nogin
Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
More information about the fedora-selinux-list
mailing list