SELinux, also known as security-enhanced Linux, is a security feature embedded in the Linux kernel. SELinux uses mandatory access control (MAC) to restrict users to certain rules and policies and prevent them from performing unauthorized tasks on Linux systems as specified by the IT administrator. SELinux has 3 different modes:
Enforce -This is the default installation of SELinux during installation. It enforces default policies on the system, records actions and denies access to certain services.
Allowed -In this mode, policies are not enforced, but violations are logged and warnings are triggered.
disabled -As the name implies, this means that SELinux is closed and the security policy will no longer protect the server.
Now that you know what SELinux is and the various modes you can configure, let’s see how to disable SELinux on CentOS 8.
SELinux is enabled by default Enforce Enter the mode after a fresh installation. It is generally recommended to keep it enabled for security reasons. However, in some cases it may be necessary to disable or turn it off. Let’s see how to disable SELinux on CentOS 8.
1) Check SELinux status
First, let’s first check the status of SELinux. To do this, simply run the following command:
From the output above, we can clearly see that it is enabled by default and is in force mode.
2) Temporarily disable SELinux
To temporarily disable SELinux or set SELinux status from target to allowed, run the following command:
# sudo setenforce 0
Additionally, you can use
Permissive Option instead of 0 as shown
# sudo setenforce Permissive
3) Disable permanently
SELinux configuration file is located
/etc/selinux/config path. To disable SELinux, open the configuration file and set
disabled. So, open the configuration file
disabled As follows.
Save and exit the configuration file.
3) Restart CentOS 8 system
For the changes to take effect, reboot the system with any command shown below
# reboot # shutdown -r now # init 6
4) Verify SELinux status
Once the system has successfully restarted, now check the status of SELinux to confirm that it is indeed disabled.
Big! We have successfully disabled SELinux on CentOS 8.
SELinux provides security for your system and uses policies that restrict what users can do on the system. Essentially, disabling SELinux is not a good idea, but in some cases requires disabling SELinux. In this guide, we demonstrated how to disable SELinux on CentOS 8.
- How to use the SEMANAGE command with a SELinux policy