Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  1) What:		/sys/fs/selinux/disable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  2) Date:		April 2005 (predates git)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  3) KernelVersion:	2.6.12-rc2 (predates git)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  4) Contact:	selinux@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  5) Description:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  6) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  7) 	The selinuxfs "disable" node allows SELinux to be disabled at runtime
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  8) 	prior to a policy being loaded into the kernel.  If disabled via this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  9) 	mechanism, SELinux will remain disabled until the system is rebooted.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) 	The preferred method of disabling SELinux is via the "selinux=0" boot
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) 	parameter, but the selinuxfs "disable" node was created to make it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) 	easier for systems with primitive bootloaders that did not allow for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) 	easy modification of the kernel command line.  Unfortunately, allowing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) 	for SELinux to be disabled at runtime makes it difficult to secure the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) 	kernel's LSM hooks using the "__ro_after_init" feature.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) 	Thankfully, the need for the SELinux runtime disable appears to be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) 	gone, the default Kconfig configuration disables this selinuxfs node,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) 	and only one of the major distributions, Fedora, supports disabling
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) 	SELinux at runtime.  Fedora is in the process of removing the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) 	selinuxfs "disable" node and once that is complete we will start the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) 	slow process of removing this code from the kernel.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) 	More information on /sys/fs/selinux/disable can be found under the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) 	CONFIG_SECURITY_SELINUX_DISABLE Kconfig option.
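
An audit check for the two mechanisms described above, as an added example that is not part of the kernel tree or this repository: it reports whether CONFIG_SECURITY_SELINUX_DISABLE is compiled in and what the "selinux=" boot parameter says. The function names and the sample config and command line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not kernel code. All function names are hypothetical.

# Print a kernel config from a plain or gzip-compressed file.
read_kconfig() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# Echo "enabled" if the runtime-disable option is built in, else "disabled".
runtime_disable_state() {
    if read_kconfig "$1" | grep -q '^CONFIG_SECURITY_SELINUX_DISABLE=y$'; then
        echo enabled
    else
        echo disabled
    fi
}

# Echo "off" / "on" for selinux=0 / selinux=1 (last occurrence wins),
# or "default" when neither appears. Other values are not interpreted.
boot_param_state() {
    state=default
    for word in $1; do
        case "$word" in
            selinux=0) state=off ;;
            selinux=1) state=on ;;
        esac
    done
    echo "$state"
}

# Return 1 with a FINDING line when SELinux can be disabled at runtime.
audit_selinux_disable() {
    cfg=$(runtime_disable_state "$1")
    boot=$(boot_param_state "$2")
    if [ "$cfg" = enabled ]; then
        echo "FINDING: runtime disable compiled in (boot parameter: $boot)"
        return 1
    fi
    echo "OK: runtime disable not compiled in (boot parameter: $boot)"
}

# Constructed sample inputs so the example runs offline.
sample_cfg=$(mktemp)
printf '%s\n' 'CONFIG_SECURITY_SELINUX=y' 'CONFIG_SECURITY_SELINUX_DISABLE=y' > "$sample_cfg"
audit_selinux_disable "$sample_cfg" 'console=ttyS2 root=/dev/mmcblk0p2 selinux=1' || true
rm -f "$sample_cfg"
```

On a running system, pass the kernel's own config (commonly `/boot/config-$(uname -r)`, or `/proc/config.gz` when the kernel exposes it) and the contents of `/proc/cmdline`.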