No description
685f4aeead
SELinux can be disabled via the selinux=0 kernel parameter or via /sys/fs/selinux/disable (triggered by setting SELINUX=disabled in /etc/selinux/config). In either case, selinuxfs will be unmounted and unregistered and therefore it is sufficient to check for the selinuxfs mount. We do not need to check for no-policy-loaded and treat that as SELinux-disabled anymore; that is a relic of Fedora Core 2 days. Drop the no-policy-loaded test, which was a bit of a hack anyway (checking whether getcon_raw() returned "kernel" as that can only happen if no policy is yet loaded and therefore security_sid_to_context() only has the initial SID name available to return as the context). May possibly fix https://bugzilla.redhat.com/show_bug.cgi?id=1195074 by virtue of removing the call to getcon_raw() and therefore avoiding use of tls on is_selinux_enabled() calls. Regardless, it will make is_selinux_enabled() faster and simpler. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> |
||
|---|---|---|
| checkpolicy | ||
| libselinux | ||
| libsemanage | ||
| libsepol | ||
| policycoreutils | ||
| scripts | ||
| secilc | ||
| sepolgen | ||
| .gitignore | ||
| Android.mk | ||
| CleanSpec.mk | ||
| Makefile | ||
| README | ||
Please submit all bug reports and patches to selinux@tycho.nsa.gov. Subscribe via selinux-join@tycho.nsa.gov. Build dependencies on Fedora: yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig ustr-devel To build and install everything under a private directory, run: make DESTDIR=~/obj install install-pywrap To install as the default system libraries and binaries (overwriting any previously installed ones - dangerous!), on x86_64, run: make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel or on x86 (32-bit), run: make install install-pywrap relabel This may render your system unusable if the upstream SELinux userspace lacks library functions or other dependencies relied upon by your distribution. If it breaks, you get to keep both pieces.