On Sun, Dec 06 2009, Clint Adams wrote: > On Sun, Dec 06, 2009 at 08:09:18PM +0100, Frans Pop wrote: >> Hmmm. is_selinux_enabled() in src/enabled.c has the following code which is >> executed if selinux_mnt is NULL: >> /* Drop back to detecting it the long way. */ >> fp = fopen("/proc/filesystems", "r"); >> if (!fp) >> return -1; >> >> So, is_selinux_enabled() returns -1 here, which makes the test in sed true: >> ./sed-4.2.1/sed/execute.c:748: if (is_selinux_enabled ()) > > If -1 is a valid response, the is_selinux_enabled man page should be > corrected.
It is not a valid response, it is an error response. As the man page says, is_selinux_enabled returns 1 if SELinux is running or 0 if it is not. Anything else is undefined; you certainly should not assume that selinux is running unless the return value is 1. >> Should sed maybe explicitly test for a value of 1 (or > 0) instead? > > Is -1 meant to be an "I don't know" response? It is meant to be an error value. Since you can't take corrective action, just ignore it and go on. manoj -- "They that can give up essential liberty to obtain a little temporary saftey deserve neither liberty not saftey." -- Benjamin Franklin, 1759 Manoj Srivastava <sriva...@acm.org> <http://www.golden-gryphon.com/> 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org