[Reportbug-maint] Bug#773346: reportbug should provide information about active LSM
bigon at debian.org
Tue Aug 29 12:37:31 UTC 2017
Le 08/11/15 à 23:32, Laurent Bigonville a écrit :
> Le 08/11/15 23:13, Sandro Tosi a écrit :
>> On Sun, Nov 8, 2015 at 9:27 PM, Laurent Bigonville <bigon at debian.org>
>>> On Fri, 2 Jan 2015 22:48:26 +0000 Sandro Tosi <morph at debian.org> wrote:
>>>> Thanks for the reply!
>>> Any progress on this?
> mmh, indeed
>> I'm ok in running sestatus, but it seems this tool is only available
>> if you are using SELinux and thus u have installed the relative
>> binaries, is there a way to identify if SELinux is enabled without
>> using that tool?
>>> But this might be a bit too verbose, and I'm not sure whether the
>>> output is considered stable.
>> I think that would be an important part to clarify, eventually if
>> there is a parsable way to output this information; this will reduce
>> the maintenance cost on reportbug side.
> An other tool which seem to have a stable output is
> /usr/sbin/getenforce, it outputs either Disabled, Permissive or
> Enforcing. But again this is a tool that is part of SELinux toolset
> (selinux-utils package).
> Like I said in my previous mail:
>> Or we we could also, if don't want to rely on any external tools do
>> the following I guess:
>> - Check /proc/mount to see whether a "selinuxfs" filesystem is mounted
>> that would indicate that selinux is at least enabled on the machine.
>> (The mountpoint can, by default, either /sys/fs/selinux or /selinux)
>> - Then a more granular status can be checked by looking in
>> <mount_point>/enforce, <mount_point>/mls, <mount_point>/deny_unknown.
>> The files contain 1/0 (true/false) to indicate whether SELinux is in
>> enforcing mode, using MLS or denying unknown access vectors.
> This is basically what getenfoce utility (and libselinux) is doing
> Laurent Bigonville
More information about the Reportbug-maint