libs/utils: Handle 'Disabled' SELinux with non-android userspaces
Created by: credp
On my Juno running Debian Jessie userspace, I have a problem with the selinux handling code in executor.py. I have selinux infrastructure, but none of it is enabled.
When you call getenforce, the value is 'Disabled' and return code 0. This causes us to set self._old_selinux_mode to 'Disabled' and proceed to call 'setenforce 0', which returns 'setenforce: SELinux is disabled' with return code 1 - which is correctly raised as a TargetError by target.execute. We can't restore the disabled mode either, setenforce always returns an error code.
setenforce 0 ; echo $? setenforce: SELinux is disabled 1 setenforce 1 ; echo $? setenforce: SELinux is disabled 1
Since what we're after is to have selinux in permissive mode, instead take account of the 'Disabled' _old_selinux_mode to also make no change to selinux mode, just like we do if getenforce doesn't exist.
Signed-off-by: Chris Redpath chris.redpath@arm.com