Post Syndicated from original https://lwn.net/Articles/831748/rss

Disabling SELinux
is, perhaps sadly in some ways, a time-honored tradition
for users of Fedora, RHEL, and other distributions that feature the
security mechanism. Over the years, SELinux has gotten easier to tolerate
due to the hard work of its developers and the distributions, but there are
still third-party packages that recommend or require disabling SELinux in
order to function. Up until fairly recently, the kernel has supported
disabling SELinux at run time, but that mechanism has been deprecated—in
part due to another kernel security feature. Now Fedora is planning
to eliminate the ability to disable SELinux at run time in Fedora 34, which sparked
some discussion in its devel mailing list.