How to disable SELinux on CentOS 8

Photo of author

By rasho

SELinux, also known as Security-Enhanced Linux, is a security feature embedded in the Linux kernel. SELinux leverages Mandatory Access controls (MAC) to confine users to certain rules and policies and prevents them from performing unauthorized tasks on the Linux system as specified by the IT administrator. SELinux comes in 3 different modes:
Enforcing – This is SELinux’s default installation at Installation. It enforces default policies on the system, logs actions, and denies access to some services.
Permissive – In this mode, policies will not be enforced, but violations will be logged and a warning triggered.
Disabled – As the name suggests, this implies that SELinux is turned off and security polices will no longer protect the server.
In this topic, you will learn how to disable SELinux temporarily and later permanently on CentOS 8 Linux.

How to temporarily disable SELinux on RHEL 8 / CentOS 8

Before you start disabling SELinux on CentOS 8, it’s prudent that you first check the status of SELinux.
To do so, run the command:

# sestatus

Example output:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

The output above shows that SELinux is enabled and set to enforcing mode.
[ads]
To temporarily disable SELinux run the command.

# setenforce 0

Also, you can run the command.

# setenforce Permissive

However, this change is valid for the current runtime session only and do not persist between reboots.

How to permanently disable SELinux on RHEL 8 / CentOS 8

Instead of disabling SELinux, it is strongly recommended to change the mode to permissive. Disable SELinux only when required for the proper functioning of your application.
Perform the steps below to disable SELinux on your CentOS 8 system permanently:
Open the /etc/selinux/config file:

# vi /etc/selinux/config

and set the SELinux attribute to disabled as shown below:
SELINUX=disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Save the file and reboot the system:

# sudo shutdown -r now

When the system is booted, use the sestatus command to verify that SELinux has been disabled:

# sestatus

The output should look like this:

SELinux status:                 disabled

Conclusion

SELinux is a very crucial feature on CentOS 8 and helps in restricting unauthorized users from accessing certain services on the system.
In this guide, we demonstrated how you can disable SELinux on CentOS 8. Ideally, it’s always recommended to keep SELinux enabled with the exception of instances where you are configuring services that require SELinux to be disabled.
To learn more about the powerful features of SELinux, visit the CentOS SELinux guide.
If you have any questions or feedback, please leave a comment below.

See also: How to Disable SELinux on CentOS 7

Leave a Comment