SELinux (Security Enhanced Linux) is a Linux security module which controls access to files and directories.
However, sometimes we like to enable or disable SELinux as per our server infrastructure. So here we’ll learn how to enable (temporarily or otherwise) or to disable SELinux.
There are actually three modes on SELinux which are as follows:-
Enforcing = In this mode SELinux aggressively enables and provides control over accessing or not accessing files and directories.
Permissive = This is the mode where SELinux allow the files to be accessed without being controlled by SELinux.
Disabled = This is the mode where SELinux is completely disabled.
To check which mode is active currently, we can use the command below:-
getenforce
If we get the output as ‘Enforcing’, this means that SELinux is enabled in the Enforcing mode.
To make it permissive we can use the command below:-
setenforce 0
Then check again with getenforce and you’ll get the output as:-
Permissive.
However, the above permissive mode is temporary and will last only till the next system reboot after which SELinux will be again in the enforcing mode. So to disable SELinux permanently across reboots even, one can do as below:-
Open the file /etc/sysconfig/selinux
Find “selinux=enabled” and change it to “selinux=disabled” and then save the file and reboot the system.
After this SELinux will be disabled permanently.
]]>