How to Disable SELinux on CentOS 8
4 min read
Security Enhanced Linux or SELinux is a security mechanism built into the Linux kernel used by RHEL-based distributions.
SELinux adds an additional layer of security to the system by allowing administrators and users to control access to objects based on policy rules.
SELinux policy rules specify how processes and users interact with each other as well as how processes and users interact with files. When there is no rule explicitly allowing access to an object, such as for a process opening a file, access is denied.
SELinux has three modes of operation:
- Enforcing: SELinux allows access based on SELinux policy rules.
- Permissive: SELinux only logs actions that would have been denied if running in enforcing mode. This mode is useful for debugging and creating new policy rules.
- Disabled: No SELinux policy is loaded, and no messages are logged.
By default, in CentOS 8, SELinux is enabled and in enforcing mode. It is highly recommended to keep SELinux in enforcing mode. However, sometimes it may interfere with the functioning of some application, and you need to set it to the permissive mode or disable it completely.
In this tutorial, we will explain to disable SELinux on CentOS 8.
Only the root user or a user with sudo privileges can change the SELinux mode.
Checking the SELinux Mode
sestatus command to check the status and the mode in which SELinux is running:
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 31
The output above shows that SELinux is enabled and set to enforcing mode.
Changing SELinux Mode to Permissive
When enabled, SELinux can be either in enforcing or permissive mode. You can temporarily change the mode from targeted to permissive with the following command:
sudo setenforce 0
However, this change is valid for the current runtime session only and do not persist between reboots.
To permanently set the SELinux mode to permissive, follow the steps below:
/etc/selinux/configfile and set the
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=permissive # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
Save the file and run the
setenforce 0command to change the SELinux mode for the current session:
sudo shutdown -r now
Instead of disabling SELinux, it is strongly recommended to change the mode to permissive. Disable SELinux only when required for the proper functioning of your application.
Perform the steps below to disable SELinux on your CentOS 8 system permanently:
/etc/selinux/configfile and change the
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
Save the file and reboot the system:
sudo shutdown -r now
When the system is booted, use the
sestatuscommand to verify that SELinux has been disabled:
The output should look like this:
SELinux status: disabled
SELinux is a mechanism to secure a system by implementing mandatory access control (MAC). SELinux is enabled by default on CentOS 8 systems, but it can be disabled by editing the configuration file and rebooting the system.
To learn more about the powerful features of SELinux, visit the CentOS SELinux guide.
If you have any questions or feedback, please leave a comment below.