SELinux Configuration

• The SELinux security mechanism enabled by default in the Linux OS makes the TEE function unavailable. If you want to use SELinux in your OS, manually configure SELinux rules.
• Disabling SELinux may cause security issues. If you do not plan to enable SELinux, it is recommended that an end-to-end solution be used to eliminate the risks caused by disabling SELinux. You shall bear the security risks by yourself. If you need to enable SELinux, configure fine-grained security rules based on actual SELinux issues to ensure system security.

Perform the following operations on the KVM to configure SELinux.

• Disable SELinux temporarily.

  setenforce 0

• Disabling SELinux permanently (taking effect after the system is restarted)

  sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config