How to Disable SELINUX on CentOS 8

SELinux is a sort of system-call firewall, where processes are in their run spaces. When a daemon tries to access resources outside of their contexts, such as network client ‘named’ process trying to access /home/SOMEUSER directory. That’s out of scope of such daemon; hence, such behaviors would be blocked by SELinux to mitigate potential system-wide attacks. In theory, this is great. However, it takes much efforts to properly tune SELinux to allow processes to run properly. The easy answer from lazy admins is to ‘just turn it off’ to reserve an engineer’s attention on more urgent matters than troubleshooting errors.

# Set SELinux to permissive for this current runtime
# In this mode, policies will not be enforced, but violations will be logged and a warning triggered.

sudo setenforce 0 # same as 'sudo setenforce Permissive'
# Check its status
[root@linux1 testadmin]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: disabled
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
# Make changes to SELinux config file to turn off SELinux upon reboot
sudo sed 's/SELINUX=enforcing/SELINUX=disabled/' -i /etc/selinux/config
# Optional: reboot for changes to take effect
# sudo shutdown -r now

Leave a Reply

Your email address will not be published. Required fields are marked *