Update /etc/selinux/config for removal of runtime SELinux disable
This is in preparation for the following Fedora Change: https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
This commit is contained in:
Ondrej Mosnacek
zpytela
parent
4b8bcba2a7
commit
4cdd6f8332
@ -498,6 +498,21 @@ echo "
|
|||||||
# enforcing - SELinux security policy is enforced.
|
# enforcing - SELinux security policy is enforced.
|
||||||
# permissive - SELinux prints warnings instead of enforcing.
|
# permissive - SELinux prints warnings instead of enforcing.
|
||||||
# disabled - No SELinux policy is loaded.
|
# disabled - No SELinux policy is loaded.
|
||||||
|
# See also:
|
||||||
|
# https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/#getting-started-with-selinux-selinux-states-and-modes
|
||||||
|
#
|
||||||
|
# NOTE: In earlier Fedora kernel builds, SELINUX=disabled would also
|
||||||
|
# fully disable SELinux during boot. If you need a system with SELinux
|
||||||
|
# fully disabled instead of SELinux running with no policy loaded, you
|
||||||
|
# need to pass selinux=0 to the kernel command line. You can use grubby
|
||||||
|
# to persistently set the bootloader to boot with selinux=0:
|
||||||
|
#
|
||||||
|
# grubby --update-kernel ALL --args selinux=0
|
||||||
|
#
|
||||||
|
# To revert back to SELinux enabled:
|
||||||
|
#
|
||||||
|
# grubby --update-kernel ALL --remove-args selinux
|
||||||
|
#
|
||||||
SELINUX=enforcing
|
SELINUX=enforcing
|
||||||
# SELINUXTYPE= can take one of these three values:
|
# SELINUXTYPE= can take one of these three values:
|
||||||
# targeted - Targeted processes are protected,
|
# targeted - Targeted processes are protected,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user