[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Request to re-add option to disable SELinux - compromise



Daniel J Walsh wrote:

Also there is little difference between "selinux=0" and selinux=disabled
in the /etc/selinux/config file.

The init process checks the config file for this entry and then tells
the kernel to disable all SELinux components.  selinux=0 disables all
SELinux components before init runs.  At the time init is running there
is no loaded policy, so pretty much SELinux is disabled.

Since the advent of upstart, it's not init doing this any more, but in general you're right.

--
  Peter


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]