Re: Fedora Core 2 and SELinux

To address this problem, we have developed and submitted a kernel patch for the SELinux module that adds a runtime disable that can be invoked prior to the initial policy load, so that /sbin/init will be able to truly disable SELinux, unregistering its security hooks, NetFilter hooks, and the selinuxfs filesystem. The patches were posted to lkml and the NSA selinux mailing list, and are now in 2.6.6-rc2-mm1 and have been submitted to Linus (but are not yet in bk). Once a kernel is released with this support, /sbin/init can be updated to use it.