I’m working with an externally created script that reads from /proc/self/attr/current to get SELinux configuration info. It seems that, even though permissions on the file are 0666, on some systems this file can be read with no problem while on others it generates an “invalid argument” error. Specifically, there is 1 server out of 3 in a Kubernetes cluster where this file cannot be read, while on the other 2 it contains the string “unconfined”.
I came across this thread which reported the same issue without resolution.
What could be preventing this file from being read?
OS is Debian 8.
/proc/[pid]/attr/current provides the current security attributes for the process. This isn’t necessarily SELinux; it is also used by AppArmor.
In the case of Debian systems, it almost certainly is AppArmor, as SELinux is rarely or never used on Debian.
In particular, the bare string “unconfined” also indicates it’s AppArmor; SELinux would have a much longer “unconfined” string, such as
When this path can’t be read, neither SELinux nor AppArmor is enabled.
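As an added example (not part of the original answer, and not the script from the question), here is a reader that treats the “invalid argument” error as "no LSM enabled", as the answer describes, and tells the two label styles apart. The function names, the sample labels in the comments and the colon-count heuristic are assumptions made for illustration.

```python
import errno

ATTR_PATH = "/proc/self/attr/current"


def read_label(path=ATTR_PATH):
    """Return the process security label, or None if the kernel refuses the read."""
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except OSError as exc:
        # EINVAL is the "invalid argument" error from the question; ENOENT
        # covers a kernel that does not expose the file at all.
        if exc.errno in (errno.EINVAL, errno.ENOENT):
            return None
        raise  # e.g. EACCES is a different problem and should surface
    # Labels may carry a trailing newline or NUL byte.
    return raw.rstrip(b"\x00\n").decode("utf-8", "replace")


def classify(label):
    """Heuristically map a label to 'none', 'apparmor', 'selinux' or 'unknown'."""
    if label is None:
        return "none"
    # AppArmor: bare "unconfined", or "<profile> (<mode>)",
    # e.g. the constructed sample "docker-default (enforce)".
    if label == "unconfined" or (" (" in label and label.endswith(")")):
        return "apparmor"
    # SELinux contexts are colon-separated user:role:type[:level], e.g. the
    # constructed sample "unconfined_u:unconfined_r:unconfined_t:s0".
    if label.count(":") >= 2:
        return "selinux"
    return "unknown"


if __name__ == "__main__":
    current = read_label()
    print(f"label={current!r} lsm={classify(current)}")
```

Running this on each node of the cluster shows at a glance which nodes have a security module active for the process and which one does not.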
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.