-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
-
False
-
-
None
-
Red Hat Enterprise Linux
-
CCS 2024-9, CCS 2024-10, CCS 2024-11, CCS 2024-12
-
None
-
Unspecified
-
Unspecified
-
Unspecified
Document link:
Section number and name:
17.2.5 Disabling SELinux
Describe the issue:
As per KCS 4890471 and RHEL8.4 release note ("Runtime disabling SELinux using /etc/selinux/config is now deprecated" in https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/8.4_release_notes/index#deprecated-functionality_security), we should show procedure that disables SELinux with selinux=0 in kernel boot parameter instead of SELINUX=disabled in /etc/selinux/config.
/etc/selinux/config has been deprecated since RHEL8.4 and it has a risk to cause kernel panic as a warning mentioned in this Chapter.
Suggestions for improvement:
Currently, 17.2.5. Disabling SELinux has a Warning section and procedure on how to disable selinux with SELINUX=disabled.
I suggests that ...
- Remove the current Warning section
- Show the procedure using selinux=0 in kernel boot parameter.
- Create a new Warning section that explains /etc/selinux/config might cause kernel panic and this procedure has been already deprecated since RHEL8.4.
Additional information:
- clones
-
RHELDOCS-17860 Change procedure to disable selinux
- Closed
- mentioned on