On Wed, 2004-04-21 at 06:33, Stephen Smalley wrote: > To address this problem, we have developed and submitted a kernel patch > for the SELinux module that adds a runtime disable that can be invoked > prior to the initial policy load, so that /sbin/init will be able to > truly disable SELinux, unregistering its security hooks, NetFilter > hooks, and the selinuxfs filesystem. The patches were posted to lkml > and the NSA selinux mailing list, and are now in 2.6.6-rc2-mm1 and have > been submitted to Linus (but are not yet in bk). Once a kernel is > released with this support, /sbin/init can be updated to use it. Nine hours ago Linus accepted that patch into his tree.
