Show Your Support: This site is primarily supported by advertisements. Ads are what have allowed this site to be maintained on a daily basis for the past 18+ years. We do our best to ensure only clean, relevant ads are shown, when any nasty ads are detected, we work to remove them ASAP. If you would like to view the site without ads while still supporting our work, please consider our ad-free Phoronix Premium.
Fedora 34 Aims To Further Enhance Security But Will Lose Runtime Disabling Of SELinux
At present on Fedora, those wanting to forego the security safeguards can either pass selinux=0 as the kernel command line option to disable the support at boot time or by disabling it within the /etc/selinux/config file that in turn disables the support at run-time.
But that run-time disabling via the etc configuration file is deprecated upstream and comes with a security compromise around the kernel Linux security module (LSM) hooks.
So starting with Fedora 34 the plan being looked at is to disable the run-time disabling support and migrating users to ensuring they are using selinux=0 as the kernel option for disabling SELinux should you not want this feature for performance reasons or other factors. For those with SELinux enabled, this provides further security hardening possibilities.
More details for those interested in this proposed Fedora 34 change via the Fedora Wiki.