[Reportbug-maint] Bug#773346: reportbug should provide information about active LSM
Sandro Tosi
morph at debian.org
Fri Jan 2 22:48:26 UTC 2015
Thanks for the reply!
> Calling /usr/sbin/sestatus should display several interesting
> information:
>
> ======
> SELinux status: enabled
> SELinuxfs mount: /sys/fs/selinux
> SELinux root directory: /etc/selinux
> Loaded policy name: refpolicy
> Current mode: permissive
> Mode from config file: permissive
> Policy MLS status: enabled
> Policy deny_unknown status: allowed
> Max kernel policy version: 29
> ======
>
> But this might be a bit too verbose, and I'm not sure whether the
> output is considered stable.
I think that would be an important part to clarify, eventually if
there is a parsable way to output this information; this will reduce
the maintenance cost on reportbug side.
> We could call /usr/sbin/selinuxenabled, but this tool doesn't indicate
> if we are running in the permissive mode or not. This information is
> important to know to see whether SELinux can be blocking something.
>
> Or we we could also, if don't want to rely on any external tools do
> the following I guess:
I'm ok in running sestatus, but it seems this tool is only available
if you are using SELinux and thus u have installed the relative
binaries, is there a way to identify if SELinux is enabled without
using that tool?
Regards,
--
Sandro Tosi (aka morph, morpheus, matrixhasu)
My website: http://matrixhasu.altervista.org/
Me at Debian: http://wiki.debian.org/SandroTosi
More information about the Reportbug-maint
mailing list