On Wed, Nov 11, 2020 at 5:19 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > On Wed, Nov 11, 2020 at 11:07 AM Petr Lautrbach <plautrba@xxxxxxxxxx> wrote: > > On Wed, Nov 11, 2020 at 10:51:34AM +0100, Ondrej Mosnacek wrote: > > > Update the main SELinux manpage to explain that runtime disable (i.e. > > > disabling SELinux using SELINUX=Disabled) is deprecated and recommend > > > disabling SELinux only via the kernel boot parameter. > > > > > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > > > --- > > > libselinux/man/man8/selinux.8 | 26 ++++++++++++++++++++++---- > > > 1 file changed, 22 insertions(+), 4 deletions(-) > > > > > > diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8 > > > index 31364271..721a65f4 100644 > > > --- a/libselinux/man/man8/selinux.8 > > > +++ b/libselinux/man/man8/selinux.8 > > > @@ -19,12 +19,12 @@ enabled or disabled, and if enabled, whether SELinux operates in > > > permissive mode or enforcing mode. The > > > .B SELINUX > > > variable may be set to > > > -any one of disabled, permissive, or enforcing to select one of these > > > -options. The disabled option completely disables the SELinux kernel > > > +any one of Disabled, Permissive, or Enforcing to select one of these > > > > Is there a reson for these changes? > > Just for better readability. Although I should probably just mark them > up, as in selinux_config(5)... > > > policycoreutils/man/man5/selinux_config.5 aka selinux_config(5) doesn't use > > capitals: > > > > SELINUX = enforcing | permissive | disabled > > Good point, it should be consistent. And also that page will need a > similar update. v2 coming soon... Thanks! -- paul moore www.paul-moore.com
