selinux: how to query if selinux is enabled

Casey Schaufler casey at schaufler-ca.com
Thu Oct 8 18:33:59 UTC 2020


On 10/8/2020 10:40 AM, Olga Kornievskaia wrote:
> On Thu, Oct 8, 2020 at 1:06 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
>> On 10/7/2020 5:40 PM, Olga Kornievskaia wrote:
>>> Hi folks,
>>>
>>> >From some linux kernel module, is it possible to query and find out
>>> whether or not selinux is currently enabled or not?
>> % cat /sys/kernel/security/lsm
>> capability,yamma,selinux
> Thank you Casey, but it's frowned upon to read files from within a
> kernel. I'm looking for a kernel api to use.

The list of active LSMs is lsm_names, exported in include/linux/lsm_hooks.h




More information about the Linux-security-module-archive mailing list