Use SELinuxfs to check selinux status

Currently, the cleanup script is using the existence of the
semanage binary to check if selinux is enabled. However,
this is misleading and can lead to problems when selinux
is disabled in a system where the binary exists.

This patch changes the detection logic to use the /sys/fs/selinux
directory, which is an in-memory filesystem created only when
selinux is really enabled.

Change-Id: I008f8bbc9c8414ce948c601e3907e27764e15a52
Related-Bug: 1706386
Alfredo Moralejo 2017-07-26 18:51:54 +02:00
parent 609bcee27b
commit b1961e14ea

@ -45,7 +45,7 @@ fi
# for whatever policy is in the host kernel. We will run under
# "runcon" to specifically allow this
_runcon=""
if [[ -x /usr/sbin/semanage ]]; then
if [[ -d /sys/fs/selinux ]]; then
sudo semanage permissive -a setfiles_mac_t
_runcon="runcon -t setfiles_mac_t -- "
fi
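
Review bot: The `-d /sys/fs/selinux` test replaces the `-x /usr/sbin/semanage` test instead of being combined with it, yet the next line still runs `sudo semanage permissive -a setfiles_mac_t`. On a host where SELinux is enabled but the semanage binary is not installed, the script now fails at that call instead of skipping the block. Consider keeping both conditions, for example `if [[ -d /sys/fs/selinux && -x /usr/sbin/semanage ]]; then`, or reporting the missing binary explicitly. A one-line comment above the test saying why the directory is used as the "SELinux is enabled" indicator would also help the next reader.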