Fedora 34 Aims To Further Enhance Security But Will Lose Runtime Disabling Of SELinux

Written by Michael Larabel in Fedora on 24 September 2020 at 12:07 AM EDT.
Currently on Fedora, the Security Enhanced Linux (SELinux) functionality that's there by default can be disabled at run-time via /etc/selinux/config. Moving forward with Fedora 34, they are looking at removing that support and focusing just on disabling via selinux=0 at kernel boot time in order to provide greater security.

At present on Fedora, those wanting to forgo the security safeguards can either pass selinux=0 as a kernel command line option to disable the support at boot time, or disable it within the /etc/selinux/config file, which in turn disables the support at run-time.

But that run-time disabling via the /etc configuration file is deprecated upstream and comes with a security compromise around the kernel's Linux security module (LSM) hooks.

So starting with Fedora 34, the plan being looked at is to remove the run-time disabling support and migrate users to selinux=0 as the kernel option for disabling SELinux, should they not want this feature for performance reasons or other factors. For those with SELinux enabled, this provides further security hardening possibilities.
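An added example, not from the article or the Fedora proposal: a shell check that flags hosts which turn SELinux off only through the config file and would need to move to selinux=0. It assumes the standard SELINUX=disabled key in /etc/selinux/config and that the first uncommented SELINUX= line is the effective one; the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how a host disables SELinux, from the text of
# /etc/selinux/config and the kernel command line.

# Print the SELINUX= mode from a config file, lowercased ("unset" if absent).
# Assumption: the first uncommented SELINUX= line is the effective one.
selinux_config_mode() {
    mode=$(sed -n 's/^SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
           head -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${mode:-unset}"
}

# Succeed if the command line carries selinux=0 as a whole token.
cmdline_has_selinux0() {
    grep -Eq '(^|[[:space:]])selinux=0([[:space:]]|$)' "$1"
}

# classify CONFIG CMDLINE
#   boot-disabled    selinux=0 is on the kernel command line
#   needs-migration  disabled only through the config file (run-time disable)
#   selinux-<mode>   SELinux left on (enforcing/permissive) or mode unset
classify() {
    if cmdline_has_selinux0 "$2"; then
        echo "boot-disabled"
    elif [ "$(selinux_config_mode "$1")" = "disabled" ]; then
        echo "needs-migration"
    else
        echo "selinux-$(selinux_config_mode "$1")"
    fi
}

# Constructed sample inputs (not from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$tmp/config"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$tmp/cmdline"
classify "$tmp/config" "$tmp/cmdline"
```

On a live system the same check is `classify /etc/selinux/config /proc/cmdline`.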

More details on this proposed Fedora 34 change are available via the Fedora Wiki.