| Message ID | 20201111162340.527105-4-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | Update manpages to reflect that runtime SELinux disable is deprecated | expand |
On Wed, Nov 11, 2020 at 5:23 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > ...and refer to selinux(8), which explains it further. > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > --- > policycoreutils/man/man5/selinux_config.5 | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5 > index 1ffade15..8d56a559 100644 > --- a/policycoreutils/man/man5/selinux_config.5 > +++ b/policycoreutils/man/man5/selinux_config.5 > @@ -48,7 +48,7 @@ SELinux security policy is enforced. > .IP \fIpermissive\fR 4 > SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed). > .IP \fIdisabled\fR > -SELinux is disabled and no policy is loaded. > +No SELinux policy is loaded. This option was used to disable SELinux completely, which is now deprected. Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)). Hi, there is a misspelling here: deprected -> deprecated. Otherwise the 3 patches look good to me, thanks! Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org> Nicolas
On Wed, Nov 11, 2020 at 10:19 PM Nicolas Iooss <nicolas.iooss@m4x.org> wrote: > > On Wed, Nov 11, 2020 at 5:23 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > > > ...and refer to selinux(8), which explains it further. > > > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > > --- > > policycoreutils/man/man5/selinux_config.5 | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5 > > index 1ffade15..8d56a559 100644 > > --- a/policycoreutils/man/man5/selinux_config.5 > > +++ b/policycoreutils/man/man5/selinux_config.5 > > @@ -48,7 +48,7 @@ SELinux security policy is enforced. > > .IP \fIpermissive\fR 4 > > SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed). > > .IP \fIdisabled\fR > > -SELinux is disabled and no policy is loaded. > > +No SELinux policy is loaded. This option was used to disable SELinux completely, which is now deprected. Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)). > > Hi, there is a misspelling here: deprected -> deprecated. Otherwise > the 3 patches look good to me, thanks! > > Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org> Merged. Thanks, Nicolas
diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5 index 1ffade15..8d56a559 100644 --- a/policycoreutils/man/man5/selinux_config.5 +++ b/policycoreutils/man/man5/selinux_config.5 @@ -48,7 +48,7 @@ SELinux security policy is enforced. .IP \fIpermissive\fR 4 SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed). .IP \fIdisabled\fR -SELinux is disabled and no policy is loaded. +No SELinux policy is loaded. This option was used to disable SELinux completely, which is now deprected. Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)). .RE .sp The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
...and refer to selinux(8), which explains it further. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- policycoreutils/man/man5/selinux_config.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)