[LTP] [PATCH v4 1/2] core: add tst_selinux_enabled() utility
Petr Vorel
pvorel@suse.cz
Tue Jul 22 14:06:35 CEST 2025
Hi Andrea, all,
[ Cc Stephen, the fix author in case I'm wrong with reproducing on enforcing=0 ]
> Add tst_selinux_enabled() utility in tst_security.h in order to verify
> if SELinux is currently up and running in the system.
...
> +int tst_selinux_enabled(void)
> +{
> + int res = 0;
> +
> + if (tst_is_mounted(SELINUX_PATH))
> + res = 1;
I was wondering if it the test require enforcing or not therefore I retested it
and it's really reproducible with permissive mode, i.e. with kernel command line
security=selinux selinux=1 enforcing=0
Because if enforcing was required, I would be for using tst_selinux_enforcing(),
which checks /sys/fs/selinux/enforce for 1 as Wei suggested in v3:
https://lore.kernel.org/ltp/aHf839WS0BPIa5Zq@MiWiFi-CR6608-srv/
@Cyril @Andrea, just checking if /sys/fs/selinux/enforce exists would be faster
than looping /proc/mounts (via tst_is_mounted(SELINUX_PATH)). Can we just modify
the patch?
Kind regards,
Petr
+++ lib/tst_security.c
@@ -107,7 +107,7 @@ int tst_selinux_enabled(void)
{
int res = 0;
- if (tst_is_mounted(SELINUX_PATH))
+ if (access(SELINUX_STATUS_PATH, F_OK) == 0)
res = 1;
tst_res(TINFO, "SELinux enabled: %s", res ? "yes" : "no");
More information about the ltp
mailing list