In this guide, we want to teach you How To Disable SELinux on AlmaLinux.
SELinux, or Security-Enhanced Linux, is a part of the Linux security kernel that acts as a protective agent on servers.
SELinux acts under the least-privilege model. It only grants access if the administrator writes a specific policy to do so.
There are three modes of SELinux:
- Enforcing mode is the default mode at the installation of SELinux. It will enforce the policies on the system, deny access and log actions.
- Permissive mode is the most commonly used mode for troubleshooting SELinux. In this mode, SELinux enables but does not enforce security policies. Also, this means that actions will result in a warning and log for the system administrator.
- Disabled mode means that SELinux is turned off and the security policies do not protect the server.
Some applications don’t support SELinux. So you need to disable it or put it in a permissive mode to avoid it from terminating any key process you required to install some particular application.
Steps To Disable SELinux on AlmLinux
To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on Initial Server Setup with AlmaLinux 8. Or you can use Initial Server Setup with AlmaLinux 9.
Check Current SELinux Status
First, you need to check the current SELinux status on your AlmaLinux server. To do this, you can use the following command:
If you will get the Enforcing mode from the output, it means that your SELinux is enabled and active on your Almlinux server.
You can temporarily disable your SELinux or put your SELinux in Permissive mode.
As we said before, in permissive mode, SELinux enables but does not enforce security policies.
Disable SELinux Temporarily on AlmaLinux
At this point, you can easily put your SELinux in permissive mode. It means that you temporarily disable SELinux and when you reboot your server, it will return to enforcing mode. To do this, you can use the command below:
sudo setenforce 0
Then, check your SELinux status, it will be in Permissive mode.
Disable SELinux Permanently on AlmaLinux
If you plan to disable SELinux completely on your server, means that when you reboot it will be in Disabling mode, you can need to edit the /etc/sysconfig/selinux file.
Open the file with your favorite text editor, here we use vi:
sudo vi /etc/sysconfig/selinux
Find the SELinux directive and set it to disabled:
When you are done, save and close the file.
To apply the changes, reboot your AlmaLinux server:
Then, check your SELinux status on your AlmaLinux, it will return disabled in your output:
Output SELinux status: disabled
Every time you want, you can easily back into enforcing mode by editing the /etc/sysconfig/selinux file and setting SELinux to enforcing.
At this point, you have learned to Disable SELinux on AlmaLinux.
Hope you enjoy it.
You may be like these articles: