SELinux Continues Path Of Deprecating Run-Time Disabling
For a while now SELinux has deprecated run-time disabling - those turning off SELinux via editing the /etc/selinux/config with SELINUX=disabled or by writing to /sys/fs/selinux/disable. Both of these run-time methods of disabling Security Enhanced Linux will be removed in the future.
To properly disable SELinux in an easy and non-invasive manner, selinux=0 can be passed as a kernel parameter when booting Linux. The selinux=0 option is the endorsed means of disabling Security Enhancd Linux. Alternatively, if rolling your own kernel there is also the CONFIG_SECURITY_SELINUX_DISABLE switch.
Once SELinux removes the ability to be disabled at run-time, they can move ahead with other internal security improvements that are currently blocked. In turn the improvements that can be made once dropping run-time disabling will further harden the Linux kernel against attacks.
Linux 6.1 still has the deprecated ability to handle SELinux run-time disabling but the pull request for this merge window does remove another documentation reference to that ability. The other SELinux changes for this cycle are rather light.