#!/bin/bash
# Copyright 2026 Spearhead Systems SRL

# Reason for this no-op: shellcheck disable=... before the first command disables the error for the
# entire script.
:

# SELinux status:                 enabled
# SELinuxfs mount:                /sys/fs/selinux
# SELinux root directory:         /etc/selinux
# Loaded policy name:             targeted
# Current mode:                   permissive
# Mode from config file:          permissive
# Policy MLS status:              enabled
# Policy deny_unknown status:     allowed
# Max kernel policy version:      31

if command sestatus > /dev/null ; then
    # Selinux status
    status=`sestatus | grep "SELinux status:" | awk '{print $3}'`
    # the current mode
    curmode=`sestatus | grep "Current mode:" | awk '{print $3}'`
    # the mode from file
    filemode=`sestatus | grep "Mode from config file:" | awk '{print $5}'`
    echo '<<<selinux>>>'
    echo $status $curmode $filemode
fi
