2.1.9 Stronger Security with SELinux Enabled by Default

Starting with Oracle Exadata System Software release 25.2.0, all new Exadata implementations use SELinux in permissive mode by default, significantly strengthening the default Exadata security posture.

The default configuration includes a pre-built SELinux policy that is custom-engineered for Exadata and Oracle Database, enabling seamless adoption. Additional custom policies are also allowed to support 3rd-party or implementation-specific software requirements.

Monitoring SELinux in permissive mode enables the identification of potential issues, providing the opportunity to take corrective action to ensure the security and integrity of Exadata environments. Starting with permissive mode enables easy adoption and is the ideal preparation before manually moving to a mode that strictly enforces the SELinux security policies.