Share your love
Configure SELinux in Fedora Linux Command Line
In this guide, we want to show you how to Configure SELinux in Fedora Linux from the Command Line. You will learn the SELinux modes and how you can change your SELinux mode in Fedora Linux. Let’s get familiar with SELinux and start to configure it in Fedora Linux.
What are the 3 modes of SELinux?
Security Enhanced Linux also known as SELinux is a part of the Linux security kernel that acts as a protective agent on servers. It has three modes that you can set your SELinux to how it can act.
- Enforcing mode is the default mode at the installation of SELinux. It will enforce the policies on the system, deny access, and log actions.
- Permissive mode is the most commonly used mode for troubleshooting SELinux. In this mode, SELinux enables but does not enforce security policies. Also, this means that actions will result in a warning and log for the system administrator.
- Disabled mode means that SELinux is turned off and the security policies do not protect the server.
Now proceed to the following steps to see how you can configure your Fedora SELinux.
Steps To Configure SELinux in Fedora Linux Command Line
Now you must have access to your Fedora server as a non-root user with sudo privileges and follow the steps below to complete this guide. In this guide, to show the guide steps, we use Fedora Linux 39.
The first step is to check your SELinux status. Let’s see how you can do this.
Step 1 – Check SELinux Status in the Fedora Command Line
In Fedora, enforcing mode is enabled by default. It means that you have enabled SELinux. To check your current status, you can use the following command:
sudo sestatus
Example Output:
As you can see, we have SELinux enforcing mode.
Step 2 – Set SELinux To Permissive Mode in Fedora
As you know, in permissive mode, SELinux enables but does not enforce security policies. It means that you temporarily disable SELinux and when you reboot your server, it will return to enforcing mode. To do this, you can easily run the following command:
sudo setenforce 0
Then, verify your SELinux status again:
sudo sestatus
In your output, you should see:
Step 3 – Disable SELinux in the Fedora Command Line
If you plan to disable SELinux completely on your server, means that when you reboot it will be in Disabling mode, you will need to edit the /etc/sysconfig/selinux file. To do this, open your file with your desired text editor like vi editor or nano editor:
sudo vi /etc/sysconfig/selinux
In the file, search for the SELinux directive. It should be in enforcing mode:
Now you should change the value to disabled:
When you are done, save and close the file.
Then, you must reboot your Fedora server to apply the changes.
sudo reboot
Once you log in again, check your SELinux status:
sudo sestatus
You should see:
Step 4 – Reason To Disable SELinux or Set To Permissive Mode
Some applications don’t support SELinux. So you need to disable it or put it in a permissive mode to avoid it from terminating any key process you require to install some particular application.
Step 5 – Enable SELinux in Fedora Command Line
At this point, if you plan to re-enable your SELinux you can easily open your /etc/sysconfig/selinux file and set the SELinux directive to enforcing mode.
sudo vi /etc/sysconfig/selinux
SELinux=enforcing
When you are done, save and close the file.
Then, reboot your server to apply the changes. Verify your SELinux status, it must be enabled.
Where is the SELinux config file?
The /etc/sysconfig/selinux file is the main configuration file for enabling or disabling SELinux. As you saw, you can easily edit the file and change your SELinux settings.
How to know if SELinux is running in Fedora?
By default, Fedora has enabled SELinux. You can easily verify it by using the sestatus command
to check your running SELinux in Linux.
Conclusion
At this point, you have learned to configure SELinux in Fedora Linux from the command line terminal. As you saw, you can easily change your SELinux mode settings and append your desired mode in SELinux. Hope you enjoy it.
Also, you may like to read:
Install Google Chrome in Fedora Linux 39 Using Terminal