[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] warn on missing selinux files
From: |
Jim Meyering |
Subject: |
Re: [PATCH] warn on missing selinux files |
Date: |
Sat, 27 Jun 2009 15:25:40 +0200 |
Paolo Bonzini wrote:
...
>>> Ok? Should I test /selinux instead of /selinux/enforce?
>>
>> That would be better, since a system for which $(getenforce) reports
>> "Permissive", that /selinux/enforce won't exist.
>> It might be better still simply to see if getenforce can be run.
>
> getenforce is not installed on a Debian non-SELinux-enabled system,
> still such a system has /selinux and can use libselinux.
Hi Paolo,
Perhaps we can view that as a feature.
Is it worthwhile to issue your new warning on such a system,
given its lack of real SELinux functionality?
Actually, just testing for /selinux is fine.
An extra warning won't hurt, and might help.
For those who don't yet use SELinux, it might pique their curiosity
to the point that a few will investigate and eventually enable it.
Re: [PATCH] warn on missing selinux files, Jim Meyering, 2009/06/27