SELinux, also known as Security-Enhanced Linux, is a security feature embedded in the Linux kernel. SELinux leverages Mandatory Access controls (MAC) to confine users to certain rules and policies and prevents them from performing unauthorized tasks on the Linux system as specified by the IT administrator. SELinux comes in 3 different modes:
Enforcing - This is SELinux's default installation at Installation. It enforces default policies on the system, logs actions, and denies access to some services.
Permissive - In this mode, policies will not be enforced, but violations will be logged and a warning triggered.
Disabled - As the name suggests, this implies that SELinux is turned off and security polices will no longer protect the server.
Having looked at what SELinux is and the various modes it can be configured, let's now see how you can disable SELinux on CentOS 8.
By default, SELinux is enabled in enforcing mode after a new installation. It's usually recommended to keep it enabled for security reasons. However, in some instances, you may be required to disable it or turn it off. Let's see how you can disable SELinux on CentOS 8.
1) Check SELinux status
To start off, let's first check the status of SELinux. To do so, simply run the command:
From the output above, we can clearly see that it is enabled by default and in enforcing mode.
2) Disable SELinux (Temporarily)
To temporarily disable SELinux or set SELinux status from targeted to permissive, run the command :
# sudo setenforce 0
Additionally, you can use the
Permissive option instead of 0 as shown
# sudo setenforce Permissive
3) To Disable Permanently
The configuration file for SELinux is located in
/etc/selinux/config path. To disable SELinux, open the configuration file and set the
SELINUX parameter to
disabled. So, open the configuration file
disabled as shown below.
Save and exit the configuration file.
3) Reboot CentOS 8 system
For the changes to come into effect, reboot your system using any commands as shown below
# reboot # shutdown -r now # init 6
4) Verify SELinux status
Once the system successfully reboots, now check the status of SELinux to confirm that it is indeed disabled.
Great! we have successfully managed to disable SELinux on CentOS 8.
SELinux provides security for your system and uses policies that restrict users on what they can do on a system. Essentially, it's not a good idea to disable SELinux, however, some scenarios call for it to be disabled. In this guide, we have demonstrated how to disable SELinux on CentOS 8.