What is the best way to find out (in a script) whether SElinux is used?
Daniel J Walsh
dwalsh at redhat.com
Fri Mar 19 12:43:12 UTC 2004
Aleksey Nogin wrote:
> I want to have a script that acts slightly differently depending on
> whether SELinux is being used or not. What is the best way to do it?
>
> My initial attempts to use "-e /etc/security/selinux" or "-e
> /selinux/enforce" all create log messages:
>
> audit(1079689937.170:0): avc: denied { getattr } for pid=2662
> exe=/bin/bash path=/etc/security/selinux dev=hda2 ino=3712021
> scontext=aleksey:staff_r:staff_t
> tcontext=system_u:object_r:policy_config_t tclass=dir
> audit(1079690744.526:0): avc: denied { getattr } for pid=3577
> exe=/bin/bash path=/selinux/enforce dev= ino=4
> scontext=aleksey:staff_r:staff_t tcontext=system_u:object_r:security_t
> tclass=file
>
/usr/bin/selinuxenabled
Exits with status 0 if enabled.
Dan
More information about the fedora-selinux-list
mailing list