[PATCH] selinux: add runtime disable
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch adds a kernel configuration option that enables writing to a new selinuxfs node 'disable' that allows SELinux to be disabled at runtime prior to initial policy load. SELinux will then remain disabled until next boot. This option is similar to the selinux=0 boot parameter, but is to support runtime disabling of SELinux, e.g. from /sbin/init, for portability across platforms where boot parameters are difficult to employ (based on feedback by Jeremy Katz).
Showing
Please register or sign in to comment