The objective of this article is to install, enable and disable SELinux on Ubuntu 20.04 Focal Fossa Linux.
Make sure that you know what you are doing! Ubuntu offers AppArmor as an alternative to SELinux. While SELinux is available on Ubuntu, it is rather in an experimental stage and most likely will beak your system if set to
enforcing
mode. In case you must use SELinux, make sure to disable AppArmor first. Also set SELinux first to permissive
mode and check your logs for potential issues before you enable enforcing
mode.In this tutorial you will learn:
- How to install SELinux
- How to enable SELinux
- How to disable SELinux
Software Requirements and Conventions Used
Category | Requirements, Conventions or Software Version Used |
---|---|
System | Installed Ubuntu 20.04 or upgraded Ubuntu 20.04 Focal Fossa |
Software | SELinux |
Other | Privileged access to your Linux system as root or via the sudo command. |
Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
How to disable/enable SELinux on Ubuntu 20.04 step by step instructions
Enable SELinux
- The first step is to install SELinux. Use the
apt
command to install the following packages:$ sudo apt install policycoreutils selinux-utils selinux-basics
- Activate SELinux:
$ sudo selinux-activate
- Next, set SELinux to enforcing mode:
$ sudo selinux-config-enforcing
- Reboot your system. The relabelling will be triggered after you reboot your system. When finished the system will reboot one more time automatically.
-
Check SELinux status:
$ estatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: default Current mode: enforcing Mode from config file: error (Success) Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: requested (insecure) Max kernel policy version: 31
Disable SELinux
- To disable SELinux open up the
/etc/selinux/config
configuration file and change the following line:FROM: SELINUX=enforcing TO: SELINUX=disabled
- Reboot your system.