-2

I couldnt find the answer to this question before reading: getenforce source code. I just wanted to get the mode of selinux so I would know in runtime if selinux is enforcing and spamming avc denials because gdb is reading: gdb avc denial bug. I have no intention of fixing it so the solution I thought of was to warn the user if selinux is on enforcing mode. I was checking if selinux is enabled with is_sleinux_enabled() from selinux.h. But the problem is selinux could also be in Permissive mode which isnt an issue for denials since it only warns the user rather than killing the process.

Rob
  • 14,746
  • 28
  • 47
  • 65
Ömer Gök
  • 19
  • 5
  • *UNRELATED FROM THE QUESTION:* There is actually no question at all in your post. – Gerhardh Jul 05 '22 at 10:47
  • @Gerhardh The point I was trying to make is people like me who are starting with C will never have a chance of self learning it properly and when theyre stuck with learning, this is the place they end to ask with the libraries (e.g., selinux) that have absolutely no tutorial or book about using the api. And where do you expect me to cry about this? Of course here, why not? The wizards who have the answers to all [c] tagged questions somehow learned how this wormhole of C libraries work. And with all due respect this is where they live, so where should I beg for help??? – Ömer Gök Jul 05 '22 at 13:02
  • Im trying to use natural logic, not according to the rules all the time. Think about it as a clever sudo password prompt that lets people access lol. I already stated Im aware about the rules and the issue I was trying to address should be directed somewhere else. But in reality I stand back of what I said because thats simply how things worked until now. Thus, I think people should be more helpful with giving out some resources here instead of analysing if the question is asked accordingly to the rules or not. – Ömer Gök Jul 05 '22 at 13:08

1 Answers1

1

To see the mode selinux is currently using:

    #include <selinux/selinux.h>
    if (is_selinux_enabled())
        return security_getenforce();

link with -lselinux

Ömer Gök
  • 19
  • 5