Consider that the caller does chroot() first, and then asks for is_selinux_enabled(). The current implementation uses cached static variable values to report if SELinux is enabled, these values are initiated by the library constructor (before the caller has the chance to call chroot()).
|
int is_selinux_enabled(void) |
|
{ |
|
/* init_selinuxmnt() gets called before this function. We |
|
* will assume that if a selinux file system is mounted, then |
|
* selinux is enabled. */ |
|
#ifdef ANDROID |
|
return (selinux_mnt ? 1 : 0); |
|
#else |
|
return (selinux_mnt && has_selinux_config); |
|
#endif |
|
} |
|
static void init_lib(void) __attribute__ ((constructor)); |
|
static void init_lib(void) |
|
{ |
|
selinux_page_size = sysconf(_SC_PAGE_SIZE); |
|
init_selinuxmnt(); |
|
#ifndef ANDROID |
|
has_selinux_config = (access(SELINUXCONFIG, F_OK) == 0); |
|
#endif |
|
} |
The thing is that tools like useradd --root /some/chroot need some API to detect that SELinux is disabled in the chroot for further logic.
Consider that the caller does
chroot()first, and then asks foris_selinux_enabled(). The current implementation uses cached static variable values to report if SELinux is enabled, these values are initiated by the library constructor (before the caller has the chance to callchroot()).selinux/libselinux/src/enabled.c
Lines 11 to 21 in 82195e7
selinux/libselinux/src/init.c
Lines 146 to 154 in 82195e7
The thing is that tools like
useradd --root /some/chrootneed some API to detect that SELinux is disabled in the chroot for further logic.