In this short tutorial, we will learn how to disable SELinux on the CentOS 8 operating system. Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy, and streamlines the amount of software involved with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA).
Disabling SELinux On CentOS 8
SELinux has three modes, namely :
- Enforcing: SELinux allows access based on SELinux policy rules.
- Permissive: SELinux only logs actions that would have been denied if running in enforcing mode.
- Disabled: No SELinux policy is loaded.
SELinux can be disabled in two ways, namely:
- Temporary Disable Selinux
- Permanently Disable SELinux
In this short article, we will disable SELinux in both ways. The following tasks will be carried out:
1. Checking Selinux Status
2. Disabling Selinux
2.1. Temporary Disable Selinux
2.2. Disable SELinux Permanently
1. Checking Selinux Status
Before we decide to disable SELinux, we have to check its current status. This task can be done using the command line:
$ sestatus
Output :
[ramans@localhost ~]$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
2. Disabling Selinux
As mentioned above, there are two methods of disabling SELinux, namely temporary and permanent. We will try both ways.
2.1. Temporary Disable Selinux
To disable SELinux temporarily, we run the following commands:
$ sudo setenforce 0
$ sestatus
Then we check the current SELinux status in the output of the command line:
[ramans@localhost ~]$ sudo setenforce 0
[ramans@localhost ~]$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
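The Current mode will be permissive, while Mode from config file still shows enforcing, so this change only lasts until the next reboot.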
2.2. Disable SELinux Permanently
To disable SELinux permanently, we have to edit the /etc/selinux/config file.
$ sudo vi /etc/selinux/config
Set SELINUX=disabled so that the file looks as shown below:
[ramans@localhost ~]$ sudo vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
For this change to take effect, we have to reboot the system with the command line:
$ sudo shutdown -r now
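The difference between sections 2.1 and 2.2 is visible by comparing the running mode with the mode configured for the next boot. The script below is an added example, not part of the original tutorial; its function names and sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the SELinux mode now and the mode after the next reboot.
# On a live system: classify_selinux "$(sestatus)" /etc/selinux/config

# Print the value of one "Key: value" field from sestatus output on stdin.
sestatus_field() {
    awk -F': *' -v key="$1" '$1 == key { sub(/[ \t]+$/, "", $2); print $2; exit }'
}

# Print the SELINUX= setting from a file in /etc/selinux/config format.
# Comment lines and SELINUXTYPE= do not match the pattern.
config_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# classify_selinux <sestatus-output> <config-file>
classify_selinux() {
    status=$(printf '%s\n' "$1" | sestatus_field "SELinux status")
    current=$(printf '%s\n' "$1" | sestatus_field "Current mode")
    boot=$(config_mode "$2")
    # When SELinux is disabled, sestatus prints only the status line.
    if [ "$status" = "disabled" ]; then
        current="disabled"
    fi
    if [ "$current" = "$boot" ]; then
        echo "$current"
    else
        echo "$current now, $boot after reboot"
    fi
}

# Constructed sample: the relevant sestatus lines after "setenforce 0".
SAMPLE_STATUS='SELinux status:                 enabled
Current mode:                   permissive
Mode from config file:          enforcing'

# Constructed sample config files, before and after the edit in section 2.2.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '# SELINUX= can take one of these three values:\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$SAMPLE_DIR/enforcing"
printf '# SELINUX= can take one of these three values:\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$SAMPLE_DIR/disabled"

classify_selinux "$SAMPLE_STATUS" "$SAMPLE_DIR/enforcing"   # temporary change only
classify_selinux "$SAMPLE_STATUS" "$SAMPLE_DIR/disabled"    # config edited, not yet rebooted
classify_selinux "SELinux status:                 disabled" "$SAMPLE_DIR/disabled"
```

Any result containing "after reboot" means the running state and the boot-time configuration disagree, which is the situation to look for when auditing a host.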
Conclusion
In this short article, we have disabled SELinux on the CentOS 8 operating system, both temporarily and permanently.