SELinux update in Linux 6.4 Kernel: Run-Time disabling support deprecated for improved security

SELinux update in Linux 6.4 Kernel: Run-Time disabling support deprecated for improved security

With the Linux 6.4 kernel, SELinux can no longer be run-time disabled. While the ability to disable SELinux via its config file or sysfs has been deprecated for some time, this removal of run-time disabling support allows SELinux developers to make significant improvements currently blocked by this code.

However, those who still wish to disable SELinux support can do so through the selinux=0 boot time option or by toggling the "CONFIG_SECURITY_SELINUX_DISABLE" Kconfig switch when building the Linux kernel. This change was made as part of a larger effort to safely mark the LSM hook structures as '__ro_after_init'.

While some users may be inconvenienced by the removal of SELinux run-time disabling, this change ultimately helps to improve the security of the Linux operating system by preventing unwanted modifications to its security features. Check out the article linked under Official Sources for more technical details on this change.

by Mauricio B. Holguin

MORE ABOUT: #SELinux
SELinux iconSELinux
ย ย 7
  • Free โ€ข Open Source
  • ...

SELinux is a security-focused operating system that has been designed to keep your system safe from potential threats. It has four alternative options on AlternativeTo, including AppArmor, grsecurity, and TOMOYO Linux. SELinux is a popular choice for those who prioritize security, and its top features on AlternativeTo include its focus on security, making it an excellent option for users who want to keep their systems protected.

Related news

All news about SELinux ยป

External links

No comments so far, maybe you want to be first?
Gu