SELinux, which stands for Security Enhanced Linux, is an extra layer of security control built into Red Hat Enterprise Linux and its derivative Linux distributions, such as AlmaLinux. SELinux is enabled by default on the system, and would have to be manually disabled if a user doesn't wish to use it.

Although SELinux can protect our system through access control for programs and system services, it's not always necessary to have it enabled. Some users may even find that it interferes with certain programs they try to install. In this guide, we'll go over the step by step instructions to disable SELinux on AlmaLinux, whether you've freshly installed AlmaLinux or migrated from CentOS to AlmaLinux.

In this tutorial you will learn:
  • How to check the status of SELinux
  • How to put SELinux in permissive mode
  • How to disable SELinux
Disabling SELinux on AlmaLinux
Disabling SELinux on AlmaLinux
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System AlmaLinux
Software SELinux
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ - requires given linux commands to be executed as a regular non-privileged user

How to check the status of SELinux

You can check the current status of SELinux at any time by executing the following command.

$ sestatus
Checking the current mode of SELinux
Checking the current mode of SELinux

On our test system, the screenshot above indicates that the "current mode" of SELinux is enforcing.

An even easier way to quickly check the status is with the getenforce command, which will only output the current mode of SELinux and nothing else.

$ getenforce
Enforcing

SELinux has three possible modes that you could see when running the command. They are:

  • Enforcing - SELinux is active and enforcing its policy rules.
  • Permissive - SELinux permits every thing, but logs the events it would normally deny in enforcing mode.
  • Disabled - SELinux is not enforcing rules or logging anything.

By default, AlmaLinux has SELinux enabled and in enforcing mode.

How to disable SELinux

Depending on your needs, disabling SELinux could involve either changing it to permissive mode, or disabling it entirely.

Setting SELinux to permissive mode will disable all aspects of SELinux except for logging messages. We don't need to reboot our system for this change to take effect, and we can make the change by executing the following command.

$ sudo setenforce 0

SUBSCRIBE NEWSLETTER & RSS
Subscribe to RSS and NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.


You can verify the change by checking SELinux current mode again, either with the sestatus or getenforce command.

SELinux is currently in permissive mode
SELinux is currently in permissive mode

When you reboot the system, SELinux will change back to enforcing mode. If you'd like the change to be permanent, you can use the following step by step instructions to disable SELinux completely or keep it in permissive mode.

  1. Use nano or your favorite text editor to open the SELinux configuration file located in /etc/selinux/config. You'll need to do this with the root account or sudo command.
    $ sudo nano /etc/selinux/config
    
  2. Change the SELINUX=enforcing line to either "permissive" or "disabled", depending on the setting you prefer. Then, exit this file after saving your changes to it.
    SELINUX=disabled
    
  3. Set the SELINUX directive to disabled to permanently disable it
    Set the SELINUX directive to disabled to permanently disable it
  4. Once you reboot the system, SELinux will be totally disabled. To avoid restarting now, execute the setenforce 0 command as explained above to get instant results while you wait till the next reboot.
    $ reboot
    
  5. After a reboot, SELinux has been disabled completely
    After a reboot, SELinux has been disabled completely

Closing Thoughts

In this guide, we saw how to disable SELinux on an AlmaLinux system, both by setting the current mode to permissive, and by disabling SELinux completely. SELinux is a helpful feature that should only be disabled with prior consideration, or in test environments. Still, it can cause problems in certain situations, so the developers have given us a way to disable it.

FIND LATEST LINUX JOBS on LinuxCareers.com
Submit your RESUME, create a JOB ALERT or subscribe to RSS feed.
LINUX CAREER NEWSLETTER
Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
DO YOU NEED ADDITIONAL HELP?
Get extra help by visiting our LINUX FORUM or simply use comments below.