From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754636AbdDLPT7 (ORCPT ); Wed, 12 Apr 2017 11:19:59 -0400
Received: from mail-qt0-f196.google.com ([209.85.216.196]:35610 "EHLO
	mail-qt0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752513AbdDLPTz (ORCPT );
	Wed, 12 Apr 2017 11:19:55 -0400
MIME-Version: 1.0
In-Reply-To: <1492005519.3881.8.camel@tycho.nsa.gov>
References: <1491988018-4120-1-git-send-email-sbuisson@ddn.com>
	<1492005519.3881.8.camel@tycho.nsa.gov>
From: Sebastien Buisson
Date: Wed, 12 Apr 2017 17:19:14 +0200
Message-ID:
Subject: Re: [PATCH] selinux: add selinux_is_enforced() function
To: Stephen Smalley
Cc: Paul Moore , linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov,
	william.c.roberts@intel.com, serge@hallyn.com,
	james.l.morris@oracle.com, Eric Paris , Paul Moore ,
	Sebastien Buisson
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

2017-04-12 15:58 GMT+02:00 Stephen Smalley :
> Even your usage of selinux_is_enabled() looks suspect; that should
> probably go away. Only other user of it seems to be some cred validity
> checking that could be dropped as well.

Well the main reason for calling selinux_is_enabled() is performance
optimization. Should I propose a patch to add a new
security_is_enabled() function at the LSM abstraction layer? Or do you
consider we should not test security enabled at all?