How can I Disable SELinux on RHEL 8? or How to Disable SELinux on CentOS 8?. Security-Enhanced Linux (SELinux) is an implementation of a mandatory access control mechanism in the Linux kernel which enforces rules on files and processes and on their actions. It does this based on defined policies. The heart of SELinux operations is “loadable policy rules“.
SELinux gives you the ability to limit the privileges associated with executing processes and reduce the damage that could result from system and applications vulnerabilities exploitation. For this reason, it is recommended to keep SELinux in enforcing mode unless you have a good reason to disable it.
Why disable SELinux? – Not recommended
To many, the benefits of MAC and SELinux comes with a price, which is the learning curve. Because of this, some guys may consider disabling SELinux at the expense of faster system setup, Applications deployment, and troubleshooting.
I recommended you start learning how to work with SELinux Policies instead of doing a complete disable.
How to Disable SELinux on RHEL 8 / CentOS 8
Before disabling SELinux, check first its mode of operation.
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
The default mode in RHEL 8 is Enforcing. In this mode, SELinux policy is enforced and it denies access based on SELinux policy rules.
The other available mode for running SELinux in enabled state is Permissive. In this mode, SELinux policy is not enforced and access is not denied but denials are logged for actions that would have been denied if running in enforcing mode.
To permanently disable SELinux. edit its main configuration file
/etc/selinux/config and set:
This can be done automatically using the
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
Then verify with:
$ cat /etc/selinux/config | grep SELINUX= | grep -v ^#
Reboot your system after the change
To work in disabled mode and postpone systemreboot, just set the current mode to Permissive in runtime.
sudo setenforce 0
If you prefer to set permanent Permissive mode which gives you event logging instead, then set to this mode using the command below.
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
That’s all. You now have SELinux disabled on your RHEL 8 / CentOS 8 system. Until next time, stay connected by following us on facebook and twitter.
- How to Disable SELinux on RHEL 8
- How to disable SELinux on CentOS 8
Also read: How to Configure SELinux man pages