• Andrew Morton's avatar
    [PATCH] selinux: add runtime disable · c59f3ad7
    Andrew Morton authored
    From: Stephen Smalley <sds@epoch.ncsc.mil>
    
    This patch adds a kernel configuration option that enables writing to a new
    selinuxfs node 'disable' that allows SELinux to be disabled at runtime prior
    to initial policy load.  SELinux will then remain disabled until next boot.
    This option is similar to the selinux=0 boot parameter, but is to support
    runtime disabling of SELinux, e.g.  from /sbin/init, for portability across
    platforms where boot parameters are difficult to employ (based on feedback by
    Jeremy Katz).
    c59f3ad7
selinuxfs.c 23.3 KB