Re: [PATCH] selinux: add selinux_is_enforced() function

From: Sebastien Buisson
Date: Wed Apr 12 2017 - 11:20:03 EST


2017-04-12 15:58 GMT+02:00 Stephen Smalley <sds@xxxxxxxxxxxxx>:
> Even your usage of selinux_is_enabled() looks suspect; that should
> probably go away. Only other user of it seems to be some cred validity
> checking that could be dropped as well.

Well the main reason for calling selinux_is_enabled() is performance
optimization.
Should I propose a patch to add a new security_is_enabled() function
at the LSM abstraction layer? Or do you consider we should not test
security enabled at all?