Use SELinuxfs to check selinux status
Currently, the cleanup script is using the existence of the semanage binary to check if selinux is enabled. However, this is misleading and can lead to problems when selinux is disabled in a system where the binary exists. This patch changes the detection logic to use the /sys/fs/selinux directory, which is an in-memory filesystem created only when selinux is really enabled.

Change-Id: I008f8bbc9c8414ce948c601e3907e27764e15a52
Related-Bug: 1706386
parent
609bcee27b
commit
b1961e14ea
@ -45,7 +45,7 @@ fi
|
|||||||
# for whatever policy is in the host kernel. We will run under
|
# for whatever policy is in the host kernel. We will run under
|
||||||
# "runcon" to specifically allow this
|
# "runcon" to specifically allow this
|
||||||
_runcon=""
|
_runcon=""
|
||||||
if [[ -x /usr/sbin/semanage ]]; then
|
if [[ -d /sys/fs/selinux ]]; then
|
||||||
sudo semanage permissive -a setfiles_mac_t
|
sudo semanage permissive -a setfiles_mac_t
|
||||||
_runcon="runcon -t setfiles_mac_t -- "
|
_runcon="runcon -t setfiles_mac_t -- "
|
||||||
fi
|
fi
|
||||||
|
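Review bot: the new condition `if [[ -d /sys/fs/selinux ]]; then` drops the check that semanage is actually installed, while the next line still runs `sudo semanage permissive -a setfiles_mac_t`. On a host where SELinux is enabled but /usr/sbin/semanage is missing, that command will now fail instead of the block being skipped. Consider testing both, e.g. `if [[ -d /sys/fs/selinux && -x /usr/sbin/semanage ]]; then`, or handling the semanage failure explicitly before `_runcon` is set. A one-line comment above the test saying why the directory is checked rather than the binary would also help the next reader.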