Psychz - Pratibha
Votes: 0Posted On: Oct 21, 2022 12:02:52
AlmaLinux comes with SELinux (Security Enhanced Linux) installed and enabled by default. Its primary purpose is to enforce the resource policies that define what level of access users, programs, and services have on a system. SELinux is based on the TE principle (Type Enforcement): all resources are assigned to specific domains and access rules are defined on them.
Though, it is good to have security measures for your system, but you may come across situations where some of your important applications don't support SELinux and hence you may want to disable SELinux permanently to avoid termination of any key process on your system.
Follow the steps given below to disable SELinux on your AlmaLinux
To find out the current status of SELinux on your system using the following command
# sestatus
Output
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
SELinux has three possible modes that you could see when running the command. They are:
Enforcing – SELinux is active and enforcing its policy rules.
Permissive – SELinux permits everything, but logs the events it would normally deny in enforcing mode.
Disabled – SELinux is not enforcing rules or logging anything.
Note: By default, AlmaLinux has SELinux enabled and in enforcing mode.
To disable SELinux permanently on your system, you need to edit the following config file
# vi /etc/selinux/config
Output
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Press 'i' or 'insert' to edit the file. Replace SELINUX=enforcing to SELINUX=disabled
When done, press 'esc' followed by :wq and press enter.
w-write
q-quit
Now reboot the system
# reboot
Once you reboot the system, SELinux will be totally disabled.
Verify that SELinux is permanently disabled.
# getenforce
Output
disabled
You have successfully disabled SELinux in your system. If you wish to enable it in the future, simply change the mode to Enforcing or Permissive editing the config file.