Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Fedora 34 Aims To Further Enhance Security But Will Lose Runtime Disabling Of SELinux

Written by Michael Larabel in Fedora on 24 September 2020 at 12:07 AM EDT. 29 Comments

FEDORA

Currently on Fedora the Security Enhanced Linux (SELinux) functionality that's there by default can be disabled at run-time via the /etc/selinux/config but moving forward with Fedora 34 they are looking at removing that support and focusing just on disabling via selinux=0 at the kernel boot time in order to provide greater security.

At present on Fedora, those wanting to forego the security safeguards can either pass selinux=0 as the kernel command line option to disable the support at boot time or by disabling it within the /etc/selinux/config file that in turn disables the support at run-time.

But that run-time disabling via the etc configuration file is deprecated upstream and comes with a security compromise around the kernel Linux security module (LSM) hooks.

So starting with Fedora 34 the plan being looked at is to disable the run-time disabling support and migrating users to ensuring they are using selinux=0 as the kernel option for disabling SELinux should you not want this feature for performance reasons or other factors. For those with SELinux enabled, this provides further security hardening possibilities.

More details for those interested in this proposed Fedora 34 change via the Fedora Wiki.

29 Comments

Related News

Fedora 39 To Raise Its vm.max_map_count To Satisfy Some Steam Play Games

Fedora Onyx To Become An Official Fedora Linux Immutable Variant

Fedora Developers Discuss An Idea For Using U-Boot On x86 BIOS Systems

Fedora To Further Evaluate vm.max_map_count Tuning For Better Linux Gaming Experience

Fedora 39 Looks To Ship mkosi-initrd As A Modern Alternative To Dracut

Fedora Onyx Aims To Be A New Fedora Linux Immutable Variant

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Red Hat To Stop Shipping LibreOffice In Future RHEL, Limiting Fedora LO Involvement

System76's Coreboot Open Firmware Manages To Disable Intel ME For Raptor Lake

Debian 12 "Bookworm" Set For Release Next Week With Around 100 Known Bugs

AMD Ready For Ryzen Linux Systems To Use AMD P-State Active Mode By Default

Phoronix.com Turns 19 Years Old For Covering Linux Hardware, Open-Source News

Steam On Linux Use Ticked Higher In May, 25% Of Linux Gamers Are Using The Steam Deck

One Of Intel's Newest Open-Source Projects Is A New Font For Developers

KDE Plasma 6.0 Stability "Improving Daily"