Fedora Considering a Big Change to SELinux

Fedora developers are planning to drop SELinux runtime disabling in an upcoming release.

Security Enhanced Linux (SELinux) is a security module within the Linux kernel that provides the mechanisms for supporting access control security policies. With SELinux in place, your Linux distributions are more secure.

But with SELinux come some headaches. In certain cases, it prevents applications from running properly or servers from being available to clients. Many times, when SELinux gets in the way, developers might opt to disable SELinux at run time, using the selinux=0 option within /etc/selinux/config. This completely disables SELinux.

The Fedora developers are considering doing away with that option altogether for the 34th iteration of the platform. Why? First and foremost, it's a security issue. Without SELinux protecting your machines, they are more vulnerable. Second, the option has been deprecated in the upstream kernel.

For those who think this is going to cause serious problems, fear not. Users will still be able to switch SELinux between "permissive" and "enforcing" modes using setenforce. In permissive mode, SELinux will not block anything and will log all policy violations. However, it should be noted that setting SELinux to "permissive" is often seen as disabling the feature, so users should proceed with caution.

Because of this upcoming change, Fedora users and admins will need to become a bit more informed about SELinux, in order to properly troubleshoot issues. 
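As an added example (not from the original article or the Fedora project), the Python code below summarizes SELinux AVC denial records so an admin can see which accesses were only logged in permissive mode and would be blocked once the system is set to enforcing. The log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample audit records (not taken from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1601550000.101:410): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=7001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1601550004.220:415): avc:  denied  { read open } for  pid=2101 comm="httpd" path="/home/demo/site/a.css" dev="dm-0" ino=7002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1601550004.220:415): arch=c000003e syscall=257 success=yes exit=11 comm="httpd"
type=AVC msg=audit(1601550090.530:431): avc:  denied  { name_bind } for  pid=2310 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)

def context_type(context):
    """Return the type field of a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(log_text):
    """Count denials per (source type, target type, class, permission, outcome)."""
    counts = Counter()
    for line in log_text.splitlines():
        if "type=AVC" not in line:
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if not m:
            continue
        # permissive=1: violation was logged but the access went through.
        # permissive=0: the access was actually blocked (enforcing).
        # Records without the field are reported as "unknown".
        outcome = {"1": "logged-only", "0": "blocked", None: "unknown"}[m.group("permissive")]
        base = (context_type(m.group("scontext")),
                context_type(m.group("tcontext")), m.group("tclass"))
        for perm in m.group("perms").split():
            counts[base + (perm, outcome)] += 1
    return counts

def would_block_if_enforcing(log_text):
    """Accesses that passed only because the system was permissive."""
    return sorted({k[:4] for k in summarize(log_text) if k[4] == "logged-only"})

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(n, *key)
```

Each entry returned by would_block_if_enforcing is an access that needs either a policy or labeling fix, or an application change, before the host goes back to enforcing mode.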

For more information, check out the Fedora Wiki entry on the feature.

10/01/2020
