diff --git a/selinux-policy.spec b/selinux-policy.spec
index c2c80b48ad8a560ac921a1988f0ce513be1c9798..2161566f2080de4e97b120b13688070244341ce2 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,3 +1,4 @@
+%define anolis_release .0.1
 %define distro redhat
 %define polyinstatiate n
 %define monolithic n
@@ -20,7 +21,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 268%{?dist}.2
+Release: 268%{anolis_release}%{?dist}.2
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -457,7 +458,7 @@ echo "
 #     enforcing - SELinux security policy is enforced.
 #     permissive - SELinux prints warnings instead of enforcing.
 #     disabled - No SELinux policy is loaded.
-SELINUX=enforcing
+SELINUX=disabled
 # SELINUXTYPE= can take one of three values:
 #     targeted - Targeted processes are protected,
 #     minimum - Modification of targeted policy. Only selected processes are protected. 
@@ -657,6 +658,10 @@ fi
 %endif
 
 %changelog
+* Fri Jul 01 2022 zhangbinchen <zhangbinchen@openanolis.org> - 3.13.1-268.2.0.1
+- disable selinux default
+- Cherry-pick [20095ba]
+
 * Thu Oct 29 2020 Zdenek Pytela <zpytela@redhat.com> - 3.13.1-268.2
 - Allow certmonger add new entries in a generic certificates directory
 Resolves: rhbz#1879496