How to Disable SELinux on CentOS 8

disable selinux

SELinux, also known as Security-Enhanced Linux, is a security feature embedded in the Linux kernel. SELinux leverages Mandatory Access controls (MAC) to confine users to certain rules and policies and prevents them from performing unauthorized tasks on the Linux system as specified by the IT administrator. SELinux comes  in 3 different modes:

Enforcing - This is SELinux's default installation at Installation. It enforces default policies on the system, logs actions, and denies access to some services.

Permissive - In this mode, policies will not be enforced, but violations will be logged and a warning triggered.

Disabled - As the name suggests, this implies that SELinux is turned off and security polices will no longer protect the server.

Having looked at what SELinux is and the various modes it can be configured, let's now see how you can disable SELinux on CentOS 8.

By default, SELinux is  enabled in enforcing mode after a new installation. It's usually recommended to keep it enabled for security reasons. However, in some instances, you may be required to disable it or turn it off. Let's see how you can disable SELinux on CentOS 8.

1) Check SELinux status

To start off, let's first check the status of SELinux. To do so,  simply run the command:

# sestatus

Sample output

How to disable SELinux on CentOS 8

From the output above, we can clearly see that it is enabled by default and in enforcing mode.

2) Disable SELinux (Temporarily)

To temporarily disable  SELinux or set SELinux status from targeted to permissive, run the command :

# sudo setenforce 0

Temporarily disable SELinux

Additionally, you can use the Permissive option  instead of  0 as shown

# sudo setenforce Permissive

Temporarily disable SELinux

3) To Disable Permanently

The configuration file for SELinux is located in /etc/selinux/config path. To disable SELinux, open the configuration file and set the SELINUX parameter to disabled. So, open the configuration file

vim /etc/selinux/config

Set SELINUX to disabled as shown below.

disable SELinux on CentOS 8

Save and exit the configuration file.

3) Reboot CentOS 8 system

For the changes to come into effect, reboot your system using any commands as shown below

# reboot
# shutdown -r now
# init 6

4) Verify SELinux status

Once the system successfully reboots, now check the status of SELinux to confirm that it is indeed disabled.

# sestatus

Sample outputSELinux-disabled

Great! we have successfully managed to disable SELinux on CentOS 8.

Conclusion

SELinux provides security for your system and uses policies that restrict users on what they can do on a system. Essentially,  it's not a good idea to disable SELinux, however, some scenarios call for it to be disabled. In this guide, we have demonstrated how to disable SELinux on CentOS 8.

Read Also:

 

Winnie Ondara 8:22 am

Comments

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.

2 Comments

  1. Nice article! By the way, you don't need to reboot for disabling to take effect. Once disabled/set to permissive the kernel immediately stops blocking services that were being blocked. Definitely restart any services that were being blocked (if there was evidence in logs of it), but once the service is restarted, you're good, no need to reboot. Or I suppose if you have a ton of services on one box, and it's not live/prod, a reboot works as well.