How To Disable SELinux on CentOS 8

r00t

In this tutorial, we will show you how to disable SELinux on CentOS 8. For those of you who didn’t know, Security-Enhanced Linux (SELinux) is a Linux feature that provides the mechanism for supporting access control security policies. By default, when you installed the Linux operation system, The SELinux service is enabled, As some software does not support SELinux that the state is enabled, So you need to disable or turn off the SELinux config.

Following are the modes in SELinux:

Enforcing Mode: Here in this mode, SELinux is enabled and access is allowed following SELinux Rules.
Permissive Mode: In this mode, SELinux allows applications whatever they want to do. If they are doing things that are not allowed in SELinux Rules then it will keep logs for that.
Disabled: SELinux is disabled in this mode.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step disable SELinux on a CentOS 8.

Prerequisites

A server running one of the following operating systems: CentOS 8.
It’s recommended that you use a fresh OS install to prevent any potential issues.
A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Disable SELinux on CentOS 8

Step 1. First, let’s start by ensuring your system is up-to-date.

sudo dnf update

Step 2. Checking the SELinux Status.

First, we need to see how SELinux is configured, issue the sestatus command.

$ sestatus

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Step 3. Disable SELinux (Temporarily)

To temporarily disable SELinux or set SELinux status from targeted to permissive, run the command:

sudo setenforce 0

Additionally, you can use the Permissive option instead of 0 as shown:

sudo setenforce Permissive

Step 4. Disable SELinux (Permanently)

To permanently disable SELinux. edit its main configuration file /etc/selinux/config and set:

nano /etc/selinux/config

Change “SELINUX=enforcing” to “SELINUX=disabled” and save the configuration file:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
#     SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected, 
#     mls - Multi Level Security protection. 
SELINUXTYPE=targeted

Reboot your system after the change:

reboot

After reboot, you can verify the status of SELinux. Issue “sestatus” command to verify that SELinux permanently disabled:

$ sestatus
SELinux status:                 disabled

Congratulations! You have successfully disabled SELinux. Thanks for using this tutorial to disable Security-Enhanced Linux on your CentOS 8 system. For additional help or useful information, we recommend you check the official CentOS website.

VPS Manage Service Offer

If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!