lsm: Look for selinuxfs mounted on host

This ensures we handle the case where SELinux is compile in the kernel
(e.g. Fedora) but where it's disabled at runtime via selinux=0.

fixes #303

Signed-off-by: ckyrouac <[email protected]>

lib/src/lsm.rs

@@ -24,8 +24,9 @@ const SELF_CURRENT: &str = "/proc/self/attr/current";
 
 #[context("Querying selinux availability")]
 pub(crate) fn selinux_enabled() -> Result<bool> {
-    let filesystems = std::fs::read_to_string("/proc/filesystems")?;
-    Ok(filesystems.contains("selinuxfs\n"))
+    Path::new("/proc/1/root/sys/fs/selinux/enforce")
+        .try_exists()
+        .map_err(Into::into)
 }
 
 /// Get the current process SELinux security context