Paolo Bonzini wrote:
...
Ok? Should I test /selinux instead of /selinux/enforce?
That would be better, since a system for which $(getenforce) reports
"Permissive", that /selinux/enforce won't exist.
It might be better still simply to see if getenforce can be run.
getenforce is not installed on a Debian non-SELinux-enabled system,
still such a system has /selinux and can use libselinux.
Hi Paolo,
Perhaps we can view that as a feature.
Is it worthwhile to issue your new warning on such a system,
given its lack of real SELinux functionality?