The SELinux works in one of these modes: permissive, disabled, or enforcing. The /etc/selinux/config file controls the mode of SELinux and changes made in this file persist across reboot. We will use this file to disable SELinux in RHEL.
Table of Contents
1. Check SELinux status:
First, you have to check the status of SELinux on your system, and you can do this by running the following command:
[root@localhost ~]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 29
Here we can see the SELinux status is enabled and the mode from the config file is enforcing. If you want to check the config file then run the below as root:
[root@localhost ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
2. Disable SELinux:
The next step is to disable SELinux on your system. Open the config file /etc/selinux/config in the vi text editor and change Then change the directive SELinux=enforcing to SELinux=disabled.
[root@localhost ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
3. Check SELinux status:
[root@localhost ~]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: disabled Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 29
Here Mode from the config file is changed from enforcing to disabled. But the SELinux status is still enabled.
4. Reboot the system:
For the changes to take effect, you need to reboot your system and then check the status of SELinux using sestatus command:
[root@localhost ~]# init 6 [root@localhost ~]# sestatus SELinux status: disabled
Congratulations! Disable SELinux in RHEL is completed successfully. If you want to disable Firewalld service also in RHEL then you can follow my article Disable Firewalld Service.
You can go through the official Redhat site for more information on this.
Pingback: Stop and Disable Firewalld on REHL 7/8/9 :step-by-step guide