Jim Meyering wrote:
Paolo Bonzini wrote:
...
Ok? Should I test /selinux instead of /selinux/enforce?
That would be better, since a system for which $(getenforce) reports
"Permissive", that /selinux/enforce won't exist.
It might be better still simply to see if getenforce can be run.
getenforce is not installed on a Debian non-SELinux-enabled system,
still such a system has /selinux and can use libselinux.
Hi Paolo,
Perhaps we can view that as a feature.
Is it worthwhile to issue your new warning on such a system,
given its lack of real SELinux functionality?
Eh, I was even restraining myself actually... :-) If it was for me, I
would have warned on any linux host, you never know where your binaries
end up being used.
Paolo
