{"id":3403,"date":"2020-05-12T09:41:51","date_gmt":"2020-05-12T09:41:51","guid":{"rendered":"http:\/\/www.jameseduard.com\/?p=3403"},"modified":"2020-05-12T09:41:51","modified_gmt":"2020-05-12T09:41:51","slug":"how-to-disable-selinux-on-centos-8-rhel","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=3403","title":{"rendered":"How to Disable SELinux on CentOS 8 \/ RHEL"},"content":{"rendered":"<p>[vc_row][vc_column][vc_column_text]Security-Enhanced Linux (SELinux) is a security architecture for Linux\u00ae systems that allows administrators to have more control over who can access the system.<\/p>\n<p><a href=\"https:\/\/www.redhat.com\/en\/topics\/linux\/what-is-selinux\">SELinux<\/a> is a security mechanism built into the Linux kernel used by CentOS and RHEL-based distributions.<\/p>\n<p>&nbsp;<\/p>\n<p>SELinux has three modes of operation:<\/p>\n<ul>\n<li>Enforcing: SELinux allows access based on SELinux policy rules.<\/li>\n<li>Permissive: SELinux only logs actions that would have been denied if running in enforcing mode. This mode is useful for debugging and creating new policy rules.<\/li>\n<li>Disabled: No SELinux policy is loaded, and no messages are logged.<\/li>\n<\/ul>\n<p>By default, in CentOS 8, SELinux is enabled and in enforcing mode. It is highly recommended to keep SELinux in enforcing mode. However, sometimes it may interfere with the functioning of some application, and you need to set it to the permissive mode or disable it completely.<span id=\"ezoic-pub-ad-placeholder-139\" class=\"ezoic-adpicker-ad\"><\/span><span id=\"div-gpt-ad-linuxize_com-box-3-0\" class=\"ezoic-ad ezfound\" data-google-query-id=\"CLOPsvz5rekCFZAwKgodkYIJiQ\"><\/span><\/p>\n<p>Checking the SELinux Mode<br \/>\nUse the sestatus command to check the status and the mode in which SELinux is running:<br \/>\n[simterm]<br \/>\nsestatus<\/p>\n<p>SELinux status: enabled<br \/>\nSELinuxfs mount: \/sys\/fs\/selinux<br \/>\nSELinux root directory: \/etc\/selinux<br \/>\nLoaded policy name: targeted<br \/>\nCurrent mode: enforcing<br \/>\nMode from config file: enforcing<br \/>\nPolicy MLS status: enabled<br \/>\nPolicy deny_unknown status: allowed<br \/>\nMemory protection checking: actual (secure)<br \/>\nMax kernel policy version: 31<br \/>\n[\/simterm]<\/p>\n<p>Changing SELinux Mode to Permissive<br \/>\nWhen enabled, SELinux can be either in enforcing or permissive mode. You can temporarily change the mode from targeted to permissive with the following command:<br \/>\n[simterm]<br \/>\nsudo setenforce 0<br \/>\n[\/simterm]<\/p>\n<p>However, this change is valid for the current runtime session only and do not persist between reboots.<br \/>\nTo permanently set the SELinux mode to permissive, follow the steps below:<\/p>\n<p>Open the \/etc\/selinux\/config file and set the SELINUX mod to permissive:<br \/>\n[simterm]<br \/>\n\/etc\/selinux\/config<br \/>\n# This file controls the state of SELinux on the system.<br \/>\n# SELINUX= can take one of these three values:<br \/>\n# enforcing &#8211; SELinux security policy is enforced.<br \/>\n# permissive &#8211; SELinux prints warnings instead of enforcing.<br \/>\n# disabled &#8211; No SELinux policy is loaded.<br \/>\nSELINUX=permissive<br \/>\n# SELINUXTYPE= can take one of these three values:<br \/>\n# targeted &#8211; Targeted processes are protected,<br \/>\n# minimum &#8211; Modification of targeted policy. Only selected processes are protected.<br \/>\n# mls &#8211; Multi Level Security protection.<br \/>\nSELINUXTYPE=targeted<br \/>\n[\/simterm]<\/p>\n<p>Save the file and run the setenforce 0 command to change the SELinux mode for the current session:<br \/>\n[simterm]<br \/>\nsudo shutdown -r now<br \/>\n[\/simterm]<\/p>\n<p>Disabling SELinux<br \/>\nInstead of disabling SELinux, it is strongly recommended to change the mode to permissive. Disable SELinux only when required for the proper functioning of your application.<\/p>\n<p>Perform the steps below to disable SELinux on your CentOS 8 system permanently:<br \/>\nOpen the \/etc\/selinux\/config file and change the SELINUX value to disabled:<br \/>\n[simterm]<br \/>\n# This file controls the state of SELinux on the system.<br \/>\n# SELINUX= can take one of these three values:<br \/>\n# enforcing &#8211; SELinux security policy is enforced.<br \/>\n# permissive &#8211; SELinux prints warnings instead of enforcing.<br \/>\n# disabled &#8211; No SELinux policy is loaded.<br \/>\nSELINUX=disabled<br \/>\n# SELINUXTYPE= can take one of these three values:<br \/>\n# targeted &#8211; Targeted processes are protected,<br \/>\n# minimum &#8211; Modification of targeted policy. Only selected processes are protected.<br \/>\n# mls &#8211; Multi Level Security protection.<br \/>\nSELINUXTYPE=targeted<br \/>\n[\/simterm]<\/p>\n<p>Save the file and reboot the system:<br \/>\n[simterm]<br \/>\nsudo shutdown -r now<br \/>\n[\/simterm]<\/p>\n<p>When the system is booted, use the sestatus command to verify that SELinux has been disabled:<br \/>\n[simterm]<br \/>\nsestatus<br \/>\n[\/simterm]<br \/>\nThe output should look like this:<br \/>\n[simterm]<br \/>\nSELinux status: disabled<br \/>\n[\/simterm][\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[vc_row][vc_column][vc_column_text]Security-Enhanced Linux (SELinux) is a security architecture for Linux\u00ae systems that allows administrators to have more control over who can access the system. SELinux is a security mechanism built into the Linux kernel used by CentOS and RHEL-based distributions. &nbsp; SELinux has three modes of operation: Enforcing: SELinux allows access based on SELinux policy rules.<\/p>\n","protected":false},"author":1,"featured_media":3410,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,3,47],"tags":[168,785,786],"class_list":["post-3403","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-centos","category-grafana","category-how-tos","tag-centos","tag-redhat","tag-rhel"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/3403","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3403"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/3403\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3403"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3403"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3403"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}