I want to have a script that acts slightly differently depending on whether SELinux is being used or not. What is the best way to do it?
My initial attempts to use "-e /etc/security/selinux" or "-e /selinux/enforce" all create log messages:
audit(1079689937.170:0): avc: denied { getattr } for pid=2662 exe=/bin/bash path=/etc/security/selinux dev=hda2 ino=3712021 scontext=aleksey:staff_r:staff_t tcontext=system_u:object_r:policy_config_t tclass=dir audit(1079690744.526:0): avc: denied { getattr } for pid=3577 exe=/bin/bash path=/selinux/enforce dev= ino=4 scontext=aleksey:staff_r:staff_t tcontext=system_u:object_r:security_t tclass=file
On Fri, 19 Mar 2004 21:08, Aleksey Nogin aleksey@nogin.org wrote:
I want to have a script that acts slightly differently depending on whether SELinux is being used or not. What is the best way to do it?
My initial attempts to use "-e /etc/security/selinux" or "-e /selinux/enforce" all create log messages:
I've attached my archive of man pages for SE Linux APIs. See is_selinux_enabled(3).
Aleksey Nogin wrote:
I want to have a script that acts slightly differently depending on whether SELinux is being used or not. What is the best way to do it?
My initial attempts to use "-e /etc/security/selinux" or "-e /selinux/enforce" all create log messages:
audit(1079689937.170:0): avc: denied { getattr } for pid=2662 exe=/bin/bash path=/etc/security/selinux dev=hda2 ino=3712021 scontext=aleksey:staff_r:staff_t tcontext=system_u:object_r:policy_config_t tclass=dir audit(1079690744.526:0): avc: denied { getattr } for pid=3577 exe=/bin/bash path=/selinux/enforce dev= ino=4 scontext=aleksey:staff_r:staff_t tcontext=system_u:object_r:security_t tclass=file
/usr/bin/selinuxenabled
Exits with status 0 if enabled.
Dan
On 19.03.2004 04:43, Daniel J Walsh wrote:
/usr/bin/selinuxenabled
Exits with status 0 if enabled.
Thanks!
selinux@lists.fedoraproject.org