How to Disable or Turn Off SELinux on Rocky Linux 8

Let’s run a few commands to disable or turn off SELinux on Rocky Linux 8 from the command terminal.

SELinux is now the standard for mandatory access control in the Linux environment. Initially, the system had a reputation for being difficult to configure and usable only by experts. Those days are over. SELinux can now also be used and configured by “ordinary” admins.

In a conventional system, there are many different programs that all need to run with root privileges in order to do their job, but should not have full root privileges (why should Apache have access to the mail spool files, for example?). SELinux is based on the TE principle (Type Enforcement): all resources are assigned to specific domains and access rules are defined on them. In short, all files are labeled, i.e. assigned to a specific domain; this means, for example, that all files belonging to Apache can be assigned the “apache_t” type. The Apache binary is also placed into this domain. If the rest of the system is set up correctly, Apache can only access the data that is in its domain; any access to files located within other domains (e.g. “postfix_t”) is prevented by the kernel.

Hence, if a service is running with the wrong security policy, if files are in the incorrect domain, or if a security breach is detected, SELinux restricts the access or function of that particular file or service.

This security layer of the Linux system stores the logs for all activities related to it at /var/log/audit/audit.log

Now, what is the need for disabling SELinux?

Many times, we need to run applications that don’t support SELinux, so we either need to disable it permanently or put it in permissive mode to keep it from terminating a key process required to install a particular application.

Steps to Disable SELinux on Rocky Linux

1. Requirements

RedHat based Linux distros such as Rocky Linux 8
A non-root user with sudo access
Command terminal

 

2. SELinux Modes

SELinux works in three modes:

enforcing – It means the SELinux security policy is enforced.
permissive – This puts SELinux enforcement on hold and prints warnings instead of stopping any unwanted process.
disabled – No SELinux policy is loaded.

 

3. Check the status of SELinux on Rocky Linux

Before turning off SELinux, first check its current state. To do that, go to the command terminal and run:

sestatus


If both “Current mode” and “Mode from config file” are set to “enforcing”, SELinux is enabled and actively restricting unwanted processes.

 

4. Disable SELinux Temporarily or Enable Permissive mode

If we get an error while installing a program due to SELinux, then we must either set its policy to allow the process or put it in “Permissive” mode for the current session. This will halt your system’s SELinux security policies until the next system reboot. In short, it disables enforcement temporarily, and the system will revert to enforcing mode as soon as you restart it.

sudo setenforce 0


To check, run the sestatus command again; the “Current mode” of the system should now be set to “permissive”.

 

5. Disable SELinux Permanently or Set Permissive mode

Running the command given above changes the mode only temporarily. To disable SELinux permanently or put it in permissive mode so that the setting remains unchanged even after a system reboot, we have to edit the file “/etc/sysconfig/selinux”.

sudo dnf -y install nano
sudo nano /etc/sysconfig/selinux

By default, the mode is set to ‘enforcing’.


To permanently disable SELinux or make permissive mode permanent, set SELINUX=disabled or SELINUX=permissive as per your choice.


Save the file with Ctrl+O, hit the Enter key, and then press Ctrl+X to exit the editor.

 

6. Restart your system

To apply the changes we have made by editing the SELinux file, simply reboot your Rocky Linux system.

sudo reboot

 

7. Check current mode

Once you are back at your system’s terminal, run the command to check the current status and confirm that SELinux is set to permissive or disabled mode.

sestatus


 

Ending Note:

By following this tutorial you will be able to disable SELinux on your Rocky Linux system; nevertheless, it is recommended to use permissive mode instead of going for disabled mode.
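One way to act on that recommendation, as an added example that is not part of the original tutorial: in permissive mode SELinux keeps writing AVC records to /var/log/audit/audit.log (in disabled mode it writes none), so a short script can summarize what enforcing mode would block. The log lines below are constructed samples, and myapp/myapp_t are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example: summarize SELinux AVC denials from an audit log.
# On a real host (as root): summarize_avc /var/log/audit/audit.log

# Constructed sample records in the audit.log AVC format (not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000001.101:210): avc:  denied  { read } for  pid=2101 comm="httpd" name="main.cf" dev="dm-0" ino=3301 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000001.101:210): arch=c000003e syscall=257 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1700000050.220:245): avc:  denied  { read } for  pid=2101 comm="httpd" name="main.cf" dev="dm-0" ino=3301 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000051.004:246): avc:  denied  { name_bind } for  pid=2188 comm="myapp" src=8443 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1700000052.310:247): avc:  denied  { name_bind } for  pid=2190 comm="myapp" src=8443 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
EOF
}

# Print one line per distinct denial, most frequent first:
#   count comm source_type target_type class perms mode
# mode is "blocked" (permissive=0, access refused) or
# "logged-only" (permissive=1, access allowed but recorded).
summarize_avc() {
  awk '
    /^type=AVC / && / denied / {
      comm = src = tgt = cls = mode = perms = ""
      # The permission list sits between "{ " and " }".
      if (match($0, /[{] [^}]* [}]/))
        perms = substr($0, RSTART + 2, RLENGTH - 4)
      gsub(/ /, ",", perms)
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/) { comm = substr($i, 6); gsub(/"/, "", comm) }
        else if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }  # type is the 3rd label field
        else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        else if ($i ~ /^tclass=/) { cls = substr($i, 8) }
        else if ($i ~ /^permissive=/) { mode = (substr($i, 12) == "1") ? "logged-only" : "blocked" }
      }
      n[comm " " src " " tgt " " cls " " perms " " mode]++
    }
    END { for (k in n) print n[k], k }
  ' "$@" | sort -k1,1nr -k2
}

# Demo on the constructed sample.
sample_audit_log | summarize_avc
```

Each "logged-only" line is an access that would fail again once the system returns to enforcing mode, so it shows which policy rule or file label needs attention.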

 

 

 
