Disabling SELinux On CentOS 8

On this short article we will learn how to disable Selinux on CentOS 8 operating system.

Introduction

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy, and streamlines the amount of software involved with security policy enforcement.[3][4] The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA).

SELinux has three modes:

Enforcing: SELinux allows access based on SELinux policy rules.
Permissive: SELinux only logs actions that would have been denied if running in enforcing mode.
Disabled: No SELinux policy is loaded.

Disable Selinux type :

Temporary Disable Selinux
Permanently Disable SELinux





Checking Selinux Status

Before we decide to disable Selinux, we have to make sure the current status of Selinux. This taskcan be done using the command line :

$ sestatus

The output :

ramans@localhost ~]$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31

Disabling Selinux

Temporary Disable Selinux

To disable Selinux temporary, we just hit the command line :

$ sudo setenforce 0

Then we will check the current Selinux status by submitting command line :

$ sestatus

The output :

ramans@localhost ~]$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31

The Current mode will be permissive.

Disable SELinux Permanently

To disable SELinux permanently, we have to edit edit /etc/selinux/config file.

$ sudo vi /etc/selinux/config

The output :

[ramans@localhost ~]$ sudo vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled 
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

To take effect of this change, we have to reboot the system by submitting command line :

$ sudo shutdown -r now

Conclusion

On this short article, we have tried to disable SELinux on CentOS 8 operating system.

Add a Comment

Your email address will not be published.