• Andrew Morton's avatar
    [PATCH] Enable SELinux via boot parameter · de4716fd
    Andrew Morton authored
    From: James Morris <jmorris@redhat.com>
    
    This patch adds an 'selinux' boot parameter which must be used to actually
    enable SELinux.
    
    It follows some internal discussion about deployment issues, where a vendor
    would want to ship a single kernel image with SELinux built-in, without
    requiring the user to use it.
    
    Without specifying selinux=1 as a boot parameter, SELinux will not register
    with LSM and selinuxfs will not be registered as a filesystem.  This causes
    SELinux to be bypassed entirely from then on, and no performance overhead
    is imposed.  Other security modules may then also be loaded if needed.
    de4716fd
selinuxfs.c 12.7 KB