Disable Unconfined System Processes

By default, any system process started at boot that does not have SELinux policy defined for it runs as initrc_t or init_t. These domains are unconfined by SELinux. Other similar processes that do not have SELinux policy written for them also run unconfined. Disabling the unconfined module moves you closer to what used to be called strict policy and locks down your machine more tightly.

Disabling the unconfined module will leave certain unconfined domains running on your system, specifically the unconfined_t user. If you do not want unconfined_t users on your system, you need to remove them from the 'Login Mapping' and Users screens.

Note: if you disable the unconfined module, you may see an increase in denials, and if you have processes running as initrc_t, you may need to write policy for them.
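
A pre-check for the change described above, as an added example that is not part of the original help text: it lists processes in the initrc_t/init_t domains (candidates for new policy) and logins mapped to unconfined_u. The function names and the sample input are constructed; on a live system, feed the functions the output of `ps -eZ` and `semanage login -l`.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not part of the original help text.

# Print "PID TYPE CMD" for processes running in init_t or initrc_t.
# stdin: `ps -eZ` format (LABEL PID TTY TIME CMD).
find_init_domain_procs() {
    awk '{
        n = split($1, ctx, ":")     # context is user:role:type:level
        if (n < 3) next             # header line or unlabeled process
        if (ctx[3] != "initrc_t" && ctx[3] != "init_t") next
        if ($2 == 1) next           # assumption: PID 1 (init itself) is expected in init_t
        print $2, ctx[3], $5
    }'
}

# Print login names mapped to unconfined_u, the SELinux user whose
# sessions run as unconfined_t.
# stdin: `semanage login -l` format (Login Name, SELinux User, MLS/MCS Range, Service).
find_unconfined_logins() {
    awk '$2 == "unconfined_u" { print $1 }'
}

# Constructed sample input so the example runs offline.
sample_ps() {
    cat <<'EOF'
LABEL                               PID TTY          TIME CMD
system_u:system_r:init_t:s0           1 ?        00:00:03 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1100 ? 00:00:00 sshd
system_u:system_r:initrc_t:s0      1432 ?        00:00:00 myagent
system_u:system_r:init_t:s0        1507 ?        00:00:01 legacyd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2200 pts/0 00:00:00 bash
EOF
}

sample_logins() {
    cat <<'EOF'
Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
alice                user_u               s0                   *
EOF
}

echo "Processes that may need policy:"; sample_ps | find_init_domain_procs
echo "Logins mapped to unconfined_u:";  sample_logins | find_unconfined_logins
```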