Detecting MLS mode
Moray Henderson
Moray.Henderson at ict-software.org
Mon Mar 5 17:26:52 UTC 2012
Is there an easy way for a script to detect whether MLS mode is enabled?
On CentOS 5 whether running normally or in Anaconda's rescue mode,
SELINUX=enforcing (or permissive), SELINUXTYPE=targeted, there is no
/etc/selinux/mls directory and cat /selinux/mls prints "1".
However, with CentOS running normally a command to set a context works,
while from rescue mode the same command fails with "cannot setup default
context" unless I add and :s0 MLS piece. That's fine when I'm doing things
manually, but I'd like a script to detect whether it's being run in an
environment that needs the :s0 added. I don't want to just add :s0 all the
time, in case it's already there in the context string I'm trying to set.
Moray.
"To err is human; to purr, feline."
More information about the selinux
mailing list