289387

Hmmm, I have a feeling this is going to lead to a lively discussion. Why oh why did anyone think that checking for the existence of selinuxfs in your kernel was a good way to determine if selinux is in use (techincally, is_selinux_enabled()).

  1. The existence of the filesystem doesn't imply that it's actually in use
  2. /proc may not be mounted
  3. The function that does the checking is extreme crack-rock for userspace code.

I have a hunch as to how things ended up like they are and unfortunately, it's such that I don't know that I see much resolution in the near-term. *sigh*

One thought on “289387”

Comments are closed.