Update /etc/selinux/config for removal of runtime SELinux disable

This is in preparation for the following Fedora Change:
https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
This commit is contained in:
Ondrej Mosnacek 2020-09-22 17:09:42 +02:00 committed by zpytela
parent 4b8bcba2a7
commit 4cdd6f8332

View File

@ -498,6 +498,21 @@ echo "
# enforcing - SELinux security policy is enforced. # enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing. # permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded. # disabled - No SELinux policy is loaded.
# See also:
# https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/#getting-started-with-selinux-selinux-states-and-modes
#
# NOTE: In earlier Fedora kernel builds, SELINUX=disabled would also
# fully disable SELinux during boot. If you need a system with SELinux
# fully disabled instead of SELinux running with no policy loaded, you
# need to pass selinux=0 to the kernel command line. You can use grubby
# to persistently set the bootloader to boot with selinux=0:
#
# grubby --update-kernel ALL --args selinux=0
#
# To revert back to SELinux enabled:
#
# grubby --update-kernel ALL --remove-args selinux
#
SELINUX=enforcing SELINUX=enforcing
# SELINUXTYPE= can take one of these three values: # SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected, # targeted - Targeted processes are protected,