Fix selinux_enabled function

Prior to this fix the selinux_enabled function would always return true, even if selinux was set to disabled or permissive. Signed-off-by: ckyrouac <[email protected]>
containers · Feb 13, 2024 · f5e6a93 · f5e6a93
1 parent 406b905
commit f5e6a93
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/lib/src/lsm.rs b/lib/src/lsm.rs
@@ -24,8 +24,7 @@ const SELF_CURRENT: &str = "/proc/self/attr/current";
 
 #[context("Querying selinux availability")]
 pub(crate) fn selinux_enabled() -> Result<bool> {
-    let filesystems = std::fs::read_to_string("/proc/filesystems")?;
-    Ok(filesystems.contains("selinuxfs\n"))
+    Path::new("/proc/1/root/sys/fs/selinux/enforce").try_exists().map_err(Into::into)
 }
 
 /// Get the current process SELinux security context