Non-cached is_selinux_enabled() variant?

[praiskup]

Consider that the caller does chroot() first, and then asks for is_selinux_enabled(). The current implementation uses cached static variable values to report if SELinux is enabled, these values are initiated by the library constructor (before the caller has the chance to call chroot()).

selinux/libselinux/src/enabled.c

Lines 11 to 21 in 82195e7

	int is_selinux_enabled(void)
	{
	/* init_selinuxmnt() gets called before this function. We
	* will assume that if a selinux file system is mounted, then
	* selinux is enabled. */
	#ifdef ANDROID
	return (selinux_mnt ? 1 : 0);
	#else
	return (selinux_mnt && has_selinux_config);
	#endif
	}

selinux/libselinux/src/init.c

Lines 146 to 154 in 82195e7

	static void init_lib(void) __attribute__ ((constructor));
	static void init_lib(void)
	{
	selinux_page_size = sysconf(_SC_PAGE_SIZE);
	init_selinuxmnt();
	#ifndef ANDROID
	has_selinux_config = (access(SELINUXCONFIG, F_OK) == 0);
	#endif
	}

The thing is that tools like useradd --root /some/chroot need some API to detect that SELinux is disabled in the chroot for further logic.

[cgzones]

A call to fini_selinuxmnt(3) should cause is_selinux_enabled(3) to report disabled.