On Wed, 2004-04-21 at 06:33, Stephen Smalley wrote:
To address this problem, we have developed and submitted a kernel
for the SELinux module that adds a runtime disable that can be invoked
prior to the initial policy load, so that /sbin/init will be able to
truly disable SELinux, unregistering its security hooks, NetFilter
hooks, and the selinuxfs filesystem. The patches were posted to lkml
and the NSA selinux mailing list, and are now in 2.6.6-rc2-mm1 and have
been submitted to Linus (but are not yet in bk). Once a kernel is
released with this support, /sbin/init can be updated to use it.
Nine hours ago Linus accepted that patch into his tree.