I see it's done in other places as well, but I think the selinuxMLSEnabledPath() may be a bit "too much abstraction", especially as we only use it in a single place; perhaps just inline it;

	enabledB, err := os.ReadFile(filepath.Join(getSelinuxMountPoint(), "mls"))

Should this be the reverse? (i.e., it return true if the file contains 1 ?

It is weird but apparently not https://github.com/SELinuxProject/selinux/blob/3f11c7d19c449996d7c34190d6aa74220b104779/libselinux/src/enabled.c#L51

Ooooh!

/*
 * Function: is_selinux_mls_enabled()
 * Return:   1 on success
 *	     0 on failure
 */

Hm.. right; perhaps would be good to add a comment there to describe it (perhaps also with that link) to explain this is really correct 😅.

I don't think we need the reverse it, in the linked code I see:

	if (!strcmp(buf, "1"))
		enabled = 1;

Doesn't that mean the function returns 1 when buf is "1"?

@giuseppe yes you're right

i was going through this line and documentation of strcmo multiple times I have no idea how I convoced myself to be wrong so many times

OH MY! 🤦 for some reason I completely didn't spot that as well. Thanks @giuseppe !!! (it adds to my dislike of "too many booleans")

fixed

It's more conventional in Go to omit Is prefixes (as the bool return already describes it's a boolean result). (Same for Get (and Set), but that's already in the code, so we can't reverse that 😂).

Perhaps (same for the non-exported variants);

// MLSEnabled checks if MLS is enabled.
func MLSEnabled() bool {

Which will be called as selinux.MLSEnabled(), e.g.

if selinux.MLSEnabled() {
    // do magic stuff!
}

Thank for information :D. I didn't change name of the helper as i could figure out any other name that would be sane and unexported.

This needs a return;

func isMLSEnabled() bool {
	return false
}