
Security

Align SELinux policy with the current kernel

In Fedora 34, the SELinux policy has been updated to match the current kernel, so that SELinux can use the features the kernel provides.

The SELinux policy enhancements include new:

  • classes: lockdown, perf_event

  • permissions: watch, watch_mount, watch_reads, watch_sb, watch_with_perm

  • capabilities: bpf, checkpoint_restore, perfmon

This update brings better granularity for granting permissions, which has subsequent security benefits.

Support for disabling SELinux through /etc/selinux/config has been removed

With this release, support for disabling SELinux through the SELINUX=disabled option in the /etc/selinux/config file has been removed from the kernel. Furthermore, the Anaconda installation program and the corresponding man pages have been updated to reflect this change. This change also enables read-only-after-initialization protection for the Linux Security Module (LSM) hooks.

If your scenario requires disabling SELinux, add the selinux=0 parameter to your kernel command line.
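
The following check is an added example, not part of the Fedora documentation: it reports whether a host still relies on SELINUX=disabled in the config file or uses the selinux=0 kernel parameter described above. The function names and result labels are hypothetical; on a real host, pass /etc/selinux/config and /proc/cmdline as the two arguments.

```shell
#!/bin/sh
# Added example (not from the Fedora documentation): report how a host asks for
# SELinux to be disabled. File paths are arguments so copies can be audited.

# Print the lower-cased value of the first uncommented SELINUX= line.
# Taking the first match is a simplification made by this example.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        head -n 1 | tr 'A-Z' 'a-z'
}

# Succeed if the kernel command line carries selinux=0 as a whole parameter.
cmdline_has_selinux0() {
    tr -s ' \t' '\n\n' < "$1" | grep -qx 'selinux=0'
}

# Classify the host (labels are this example's own):
#   disabled-by-cmdline          selinux=0 is on the kernel command line
#   config-disabled-unsupported  only SELINUX=disabled in the config file, the
#                                method these release notes say was removed
#   enabled:<mode>               neither disabling method is requested
audit_selinux_disable() {
    mode=$(selinux_config_mode "$1")
    if cmdline_has_selinux0 "$2"; then
        echo "disabled-by-cmdline"
    elif [ "$mode" = "disabled" ]; then
        echo "config-disabled-unsupported"
    else
        echo "enabled:${mode:-unset}"
    fi
}

# Constructed sample inputs, so the example runs on any machine.
demo=$(mktemp -d)
printf '# comment\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo/config"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$demo/cmdline"
audit_selinux_disable "$demo/config" "$demo/cmdline"   # config-disabled-unsupported
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro selinux=0\n' > "$demo/cmdline"
audit_selinux_disable "$demo/config" "$demo/cmdline"   # disabled-by-cmdline
rm -rf "$demo"
```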