Commit graph

3 commits

Author SHA1 Message Date
Ondrej Mosnacek
db3dc1ca8b Clarify enabling/disabling procedures for SELinux
* Simplify list of required packages (and add `grubby`).
* Move Disabled -> Enforcing steps from `changing-to-enforcing-mode` to
  `enabling-selinux`.
* In `changing-to-enforcing-mode`, use the correct procedure based on
  whether SELinux is currently Permissive or Disabled.
* Add step for ensuring that filesystem is relabeled when re-enabling
  SELinux.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-11-10 09:46:54 +00:00
Ondrej Mosnacek
65925232d5 Update instructions for disabling and re-enabling SELinux
The kernel functionality that allowed to disable SELinux by changing
/etc/selinux/config is now deprecated and will be removed in F34 [1].
While setting SELINUX=Disabled will still lead to a similar state even
after the removal, it is better to guide users to disable SELinux via
kernel boot parameters, which will actually disable SELinux completely
(as in no SElinux code is executed by the kernel).

[1] https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-11-10 09:46:54 +00:00
Adam Samalik
cf5acc8f3a switch to Antora part 2018-07-27 18:53:34 +02:00
Renamed from en-US/modules/proc_enabling-selinux.adoc (Browse further)