SELinux In Linux 6.4 Removes Run-Time Disabling Support

Written by Michael Larabel in Linux Security on 24 April 2023 at 08:30 AM EDT. 23 Comments
LINUX SECURITY
After being deprecated for several years, Security Enhanced Linux "SELinux" beginning with the Linux 6.4 kernel can no longer be run-time disabled.

For a while now SELinux deprecated run-time disabling for turning off SELinux via its config file or sysfs. By getting rid of the run-time disabling support, SELinux developers can make various improvements currently blocked by this code.


Those wishing to disable SELinux support can still do so via the selinux=0 boot time option or when building the Linux kernel toggling the "CONFIG_SECURITY_SELINUX_DISABLE" Kconfig switch.
* Remove the runtime disable functionality
After several years of work by the userspace and distro folks, we are finally in a place where we feel comfortable removing the runtime disable functionality which we initially deprecated at the start of 2020. There is plenty of information in the kernel's deprecation (now removal) notice, but the main motivation was to be able to safely mark
the LSM hook structures as '__ro_after_init'.

The SELinux run-time disabling removal is made as part of this pull request pending for the newly-opened Linux 6.4 merge window.

SELinux logo


More details on the technical reasons and other information about this SELinux run-time disable removal via this patch.
23 Comments
Related News
Linux 6.9-rc6 To Fix Accidentally Disabling Mitigations By Default For Non-x86 CPUs
Linux BHI Mitigation Being Tweaked Following 12% Database Performance Hit
Linux 6.9-rc4 To Bring New Fixes For x86 Speculation Mitigations
Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability
GitHub Disables The XZ Repository Following Today's Malicious Disclosure
XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
systemd Rolling Out "run0" As sudo Alternative
Fedora Linux 40 Available For Download As A Wonderful Upgrade
Microsoft Open-Sources MS-DOS 4.0 Under MIT License
Systemd 256-rc1 Brings A Huge Number Of New Features
NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver
Rust-Based Coreutils 0.0.26 Increases Compatibility With GNU Coreutils
Ubuntu 24.04 LTS Downloads Now Available
Proton 9.0 RC2 Makes More Windows Games Playable On Linux, Other Fixes