[PATCH] selinux: add selinux_is_enforced() function

Sebastien Buisson sbuisson.ddn at gmail.com
Wed Apr 12 15:19:14 UTC 2017


2017-04-12 15:58 GMT+02:00 Stephen Smalley <sds at tycho.nsa.gov>:
> Even your usage of selinux_is_enabled() looks suspect; that should
> probably go away.  Only other user of it seems to be some cred validity
> checking that could be dropped as well.

Well the main reason for calling selinux_is_enabled() is performance
optimization.
Should I propose a patch to add a new security_is_enabled() function
at the LSM abstraction layer? Or do you consider we should not test
security enabled at all?
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list