SELinux

Trevor · ‎10-12-2024

When booting a Linux system, what is the kernel parameter that can be provided,
so that no part of the SELinux infrastructure is loaded by the kernel?

Trevor "Red Hat Evangelist" Chandler

Chetan_Tiwary_ · ‎10-13-2024

@Trevor such a great question! I remember being asked this question in one of my interviews long back!

Trevor · ‎10-13-2024

Hello Chetan, thanks for the kind word on my question.

I hope the question didn't bring back any upleasant
memories

Trevor "Red Hat Evangelist" Chandler

Chetan_Tiwary_ · ‎10-13-2024

haha no way ! I was well prepared for that grenade!

Trevor · ‎10-13-2024

And I wouldn't doubt that of all the candidate that the hiring panel interviewed,
you were the only one who responded correctly, and with authority - sending
shockwaves throughout the minds of the commiteee!!!

Trevor "Red Hat Evangelist" Chandler

Chetan_Tiwary_ · ‎10-13-2024

jkuhn0015

I am really just starting my journy with Red Hat and the community here. This is the first discussion that caught my attention. Where would I find the answer to this quetion?

TudorRaduta

Good question to start your journey with, this one teaches you how the system behaves before user space even loads.
Here’s a structured hint to guide your research:

check the kernel parameters that are passed at boot. You can view them in /proc/cmdline.
look specifically for parameters related to SELinux initialization. The correct one disables SELinux loading entirely.

And here’s your challenge: once you find the parameter, try booting a lab system with it applied. After the reboot, run the SELinux status tools you’ve learned. What changes do you observe in how the system reports its security state?

Post your findings to confirm you’ve understood it correctly.

Ad_astra

Adding selinux=0 to the GRUB2 linux command line parameters will disable SE Linux.

Commands such as sestatus and getsebool -a will show that SE Linux is in a disabled state.