How To Disable SELinux on AlmaLinux 8

Disable SELinux on AlmaLinux 8

In this tutorial, we will show you how to disable SELinux on AlmaLinux 8. For those of you who didn’t know, SELinux (Security-Enhanced Linux) is a Linux kernel module that provides a mechanism to enforce access control security policies including MAC (Mandatory Access Control). SELinux policy rules specify how processes and users interact with each other as well as how processes and users interact with files. When there is no rule explicitly allowing access to an object, such as for a process opening a file, access is denied.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step disabling SELinux on an AlmaLinux 8.

Disable SELinux on AlmaLinux 8

Step 1. First, let’s start by ensuring your system is up-to-date.

sudo dnf update
sudo dnf install epel-release

Step 2. Check the status of SELinux on AlmaLinux.

You can check the current status of SELinux using the following command:

sestatus

Output:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      16

Step 3. Disable SELinux on AlmaLinux 8.

Disabling SELinux could involve either changing it to a permissive mode or disabling it entirely.

  • Changing SELinux Mode to Permissive:

We don’t need to reboot our system for this change to take effect, and we can make the change by executing the following command:

sudo setenforce 0

Check the current mode of SELinux again:

sestatus
  • Disabling SELinux Mode Permanently:

To permanently set the SELinux mode to permissive, run the following command:

sudo nano /etc/selinux/config

Change the SELINUX value to disabled:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Save the file and reboot the system:

reboot

After reboot, check the current status of SELinux:

sestatus

Congratulations! You have successfully disabled SELinux. Thanks for using this tutorial to disable Security-Enhanced Linux on your AlmaLinux 8 system. For additional help or useful information, we recommend you check the official AlmaLinux website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!