Discover Security Projects News
SELinux In Linux 6.4 Removes Run-Time Disabling Support
After being deprecated for several years, Security Enhanced Linux "SELinux" beginning with the Linux 6.4 kernel can no longer be run-time disabled.
For a while now SELinux deprecated run-time disabling for turning off SELinux via its config file or sysfs. By getting rid of the run-time disabling support, SELinux developers can make various improvements currently blocked by this code.
Those wishing to disable SELinux support can still do so via the selinux=0 boot time option or when building the Linux kernel toggling the "CONFIG_SECURITY_SELINUX_DISABLE" Kconfig switch.
The SELinux run-time disabling removal is made as part of this pull request pending for the newly-opened Linux 6.4 merge window.