I have a fedora desktop. I want to run some services but I get an error about SELinux. How can I disable SELinux? Selinux is a security mechanism used generally Linux systems. It has support from Linux kernel. Selinux creates the context for specified services, applications, and users. Prevent these to access an unrelated or unsecured part of the Linux systems. In this tutorial, we will look at how to disable and enable SELinux temporarily or persistently.
Get Status Of SELinux
Before enabling or disabling
selinux status listing current status is very useful. We can use
sestatus command which will show whether SELinux is enabled or disabled.
sestatus is not installed we can install it in Ubuntu, Debian, Kali, Mint with the following command.
$ sudo apt install policycoreutils
Disable SELinux Temporarily
We can disable SELinux in two-mode. We can disable SELinux temporarily with the
setenforce command . This type of command will be effective up to reboot. After reboot configured settings will be effective.
$ setenforce 0
Disable SELinux Persistently
We can disable SELinux persistently by changing /etc/selinux/config . Open the file with nano. We need to be root to edit this file.
$ nano /etc/selinux/config
We will se following lines. To disable SELinux SELINUX=disabled . After this please reboot the system.
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
Enable SELinux Temporarily
We can enable SELinux temporarily which will affect up to reboot with
setenforce 1 command which is the reverse of disabling command.
$ setenforce 1
Enable SELinux Persistently
Similar to the disable we will change above configuration file SELINUX=enforcing .