[Reportbug-maint] Bug#773346: reportbug should provide information about active LSM

Sandro Tosi morph at debian.org
Fri Jan 2 22:48:26 UTC 2015

Thanks for the reply!

> Calling /usr/sbin/sestatus should display several interesting
> information:
> ======
> SELinux status:                 enabled
> SELinuxfs mount:                /sys/fs/selinux
> SELinux root directory:         /etc/selinux
> Loaded policy name:             refpolicy
> Current mode:                   permissive
> Mode from config file:          permissive
> Policy MLS status:              enabled
> Policy deny_unknown status:     allowed
> Max kernel policy version:      29
> ======
> But this might be a bit too verbose, and I'm not sure whether the
> output is considered stable.

I think that would be an important part to clarify, eventually if
there is a parsable way to output this information; this will reduce
the maintenance cost on reportbug side.

> We could call /usr/sbin/selinuxenabled, but this tool doesn't indicate
> if we are running in the permissive mode or not. This information is
> important to know to see whether SELinux can be blocking something.
> Or we we could also, if don't want to rely on any external tools do
> the following I guess:

I'm ok in running sestatus, but it seems this tool is only available
if you are using SELinux and thus u have installed the relative
binaries, is there a way to identify if SELinux is enabled without
using that tool?

Sandro Tosi (aka morph, morpheus, matrixhasu)
My website: http://matrixhasu.altervista.org/
Me at Debian: http://wiki.debian.org/SandroTosi

More information about the Reportbug-maint mailing list