Command to Permanently Disable SELinux on AlmaLinux 8

Let’s run a few commands to disable or turn off the SELinux on AlmaLinux 8 using the command terminal.

Well, in a conventional system, there are many different programs that all need to run with root privileges in order to be able to do their job, but should not have full root privileges (why should Apache have access to the mail pool files, for example?). SELinux is based on the TE principle (Type Enforcement): all resources are assigned to specific domains and access rules are defined on them.

Hence, if any service is running with the wrong security policy, files in the incorrect domain, any security breach detection- SELinux restricts the access/function of that particular file or services.

This security layer of the Linux system stores the logs for all activities related to it at /var/log/audit/audit.log

Now, what is the need for disabling SELinux?

Many times, we need to run applications that don’t support SELinux, hence we either need to disable it permanently or put it in a permissive mode to avoid it from terminating any key process we required to install some particular application.

Steps to Disable SELinux on AlmaLinux 8

1. Requirements

RedHat based Linux distros such as AlmaLinux 8
A non-root user with sudo access
Command terminal

 

2. SELinux Modes

There are three modes in which it works, here are those:

enforcing – It means the SELinux security policy is enforced.
permissive – This will put SELinux services on hold and prints warnings instead of enforcing to stop any unwanted process.
disabled – No SELinux policy is loaded.

 

3. Check the status of SELinux on AlmaLinux

Before going further to turn off the SELinux, first let’s know what is the current situation or state of it. For that go to the command terminal and run:

sestatus

Command to Check SELinux

If Current and Mode form config files are set to “Enforcing” mode this means SELinux is enabled and actively restricting the unwanted process.

 

4. Disable SELinux Temporarily or Enable Premmisve mode

If we get some error in installing a program due to SELinux then either we must edit its Policies to allow the process or put it in “Premmisve” mode -Temporarily, for your current session.  This will halt your system’s SELinux security policies until the next system reboot. In short, disables it temporarily and revert back to enforcing mode as soon as you restart your system.

sudo setenforce 0

Disable SELinux Temporarily AlmaLinux 8

To check you can again run the command- sestatus and in the screenshot, you can see the “current mode” of the system is set to “Permissive“.

 

5. Enable Permanent Disable or Permissive mode

Well, running the command given above will set things for temporary. So, if you want to disable SELinux or put it in Permissive mode but permanently, that remains unchanged even after the system reboot. Then we have to edit the “/etc/sysconfig/selinux“.

sudo dnf -y install nano
sudo nano /etc/sysconfig/selinux

By default, the mode is set to ‘enforcing‘.

Enforcing mode Linux

For permanent disable and permissive mode simply set SELINUX=disbaledor SELINUX=permissive as per your choice.

Disabled SELinux temporary AlmaLinux

Save the file Ctrl+O, hit the Enter key, and then Ctrl+X to exit the file.

 

6. Restart your system

To apply the changes we have done by editing the SELinux file, simply reboot your AlmaLinux system.

sudo reboot

 

7. Check current mode

Once you are again on your system’s terminal, run the command to check the current status to confirm SELinux is set to permanent or disable mode.

sestatus

Disabled permanently

 

Ending Note:

By following this tutorial you will be able to disable SELinux on your AlmaLinux, nevertheless, it is recommended to use permissive mode instead of going for disabling mode.

 

Other Articles:

Command to disable/enable repo in AlmaLinux 8 or Rocky Linux
Command to add folder in Linux path permanently
How to Set or Change a Hostname in AlmaLinux 8 | Rocky Linux 8

 

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.