gitea/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-03-26 21:33:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

selinux: update kernel boot params when disabling/re-enabling SELinux

Browse Source 
The ability to disable SELinux from userspace based on the configuration
file is being deprecated in favor of the selinux=0 kernel boot
parameter. (Note that this affects only the "full" disable; switching
to/from permissive mode will work the same as before.)

Therefore, add an 'update_kernel_param' module parameter that will cause
it to set/unset the kernel command-line parameter using grubby when
enabling/disabling SELinux. (An explicit parameter was chosen for
backwards compatibility.)

More information:
https://lore.kernel.org/selinux/157836784986.560897.13893922675143903084.stgit@chester/
https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
This commit is contained in:
Ondrej Mosnacek
2020-12-15 17:24:37 +01:00
committed by Abhijeet Kasurde
parent 6e2230c1b3
commit 53d47e1763
3 changed files with 120 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
changelogs/fragments/disable_selinux_via_kernel_cmdline.yml Normal file
View File

@@ -0,0 +1,2 @@
minor_changes:
- selinux - optionally update kernel boot params when disabling/re-enabling SELinux (https://github.com/ansible-collections/ansible.posix/pull/142).