Hmmm, I have a feeling this is going to lead to a lively discussion. Why oh why did anyone think that checking for the existence of selinuxfs in your kernel was a good way to determine if selinux is in use (techincally, is_selinux_enabled()).
- The existence of the filesystem doesn't imply that it's actually in use
- /proc may not be mounted
- The function that does the checking is extreme crack-rock for userspace code.
I have a hunch as to how things ended up like they are and unfortunately, it's such that I don't know that I see much resolution in the near-term. *sigh*