2017-04-12 15:58 GMT+02:00 Stephen Smalley <s...@tycho.nsa.gov>: > Even your usage of selinux_is_enabled() looks suspect; that should > probably go away. Only other user of it seems to be some cred validity > checking that could be dropped as well.
Well the main reason for calling selinux_is_enabled() is performance optimization. Should I propose a patch to add a new security_is_enabled() function at the LSM abstraction layer? Or do you consider we should not test security enabled at all?