5 Useful Examples to Turn Off SELinux Temporarily or Permanently on RHEL 8/CentOS 8

Table of Contents

Examples to Turn Off SELinux Temporarily or Permanently

Also Read: 7 Easy Steps to change ssh port number on RedHat/CentOS 7

Example 1: How to Check if SELinux is Turn off or not using sestatus command ?

You can check selinux status using sestatus command as shown below. In the below output you can see that SELinux status is showing enabled and SELinux filesystem is mounted on /sys/fs/selinux.

Configuration path can be found under /etc/selinux which is also know as SELinux root directory. Current policy is set to targeted which is the default policy in CentOS or RedHat Based Systems. You can also see the current mode is set to enforcing which allows SELinux to enforce its policies.

[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31

Example 2: How to check current SELinux Policy ?

You can check current SELinux Policy by using getenforce command as shown below. As you can see from below output, current policy is set to enforcing which means SELinux Policy is getting enforced to System Resources.

[root@localhost ~]# getenforce
Enforcing

Example 3: How to Check SELinux Configuration ?

You can check selinux configuration from /etc/selinux/config file. In this configuration file, you can see two parameter. One is SELINUX which is currently set to disabled state and another is SELINUXTYPE which is currently set to targeted value.

[root@localhost ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Example 4: How to Turn off SELinux Temporarily Using Setenforce Command ?

If you want to turn off SELinux temporarily, then either you can do it by passing mode name or mode value as parameter through setenforce command. Here we are passing mode name as parameter to setenforce command as shown below. Then we need to check if selinux is enabled or not using sestatus command.

setenforce permissive - Set SELinux status to permissive mode

setenforce enforcing - Set SELinux status to enforcing mode

[root@localhost ~]# setenforce permissive
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31

Also you can temporarily turn off SELinux by another method where you can pass the mode value as parameter instead of mode name as shown below. After that you can run sestatus command to check if SELinux is enabled or not. More on sestatus Man Page.

setenforce 0 - Set SELinux status to permissive mode

setenforce 1 - Set SELinux Status to Enforcing mode

[root@localhost ~]# setenforce 0
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31

Another method that can be used to tunr off SELinux temporarily is by using SELinux Kernel Parameters. You can pass value 0 to /sys/fs/selinux/enforce parameter to remove enforcing mode as shown in below command.

[root@localhost ~]# echo 0 > /sys/fs/selinux/enforce

Then you can again check if SELinux is Enabled or not using sestatus command. Now you can see current mode is set to permissive instead of enforcing.

[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31

Example 5: How to Turn off SELinux Permanently Using Configuration File ?

If you want to turn off SELinux permanently then you need to do it through SELinux configuration file. You can generally find config file in /etc/selinux path as shown below. Here you need to set the value of SELINUX to disabled to permanently turn off SELinux.

[root@localhost ~]# vi /etc/selinux/config
SELINUX=disabled

Press Esc. Save and exit by using wq! . Then, restart Your System using init 6 command as shown below.

[root@localhost ~]# init 6

or, you can also reboot your system using reboot command.

[root@localhost ~]# reboot

Now you can check selinux status again and check if SELinux is Enabled or not.

[root@localhost ~]# sestatus
SELinux status: disabled

Popular Recommendations:-

Useful C Program to List Network Interfaces using only 30 Lines of Code

Best Explanation of Wrapper Classes in Java: Autoboxing and Unboxing with Examples

5 Best Ways to Become root user or Superuser in Linux (RHEL/CentOS/Ubuntu)

How to Install PHP on RedHat/CentOS 7 with Easy Steps

7 Easy Steps to Install PHP on RHEL 8/CentOS 8

Easy Steps to Install Java on Ubuntu 20.04

Best Steps to Install Java on RHEL 8/CentOS 8

15 ansible-vault command examples to encrypt and decrypt sensitive data/files on Linux

Cyberithub