Disable SELinux on Ubuntu:
2 min readJun 19, 2020
Introduction:
- Also known as Security Enhanced Linux.
- SELinux is a MAC (mandatory access control)module present in the kernel of Linux systems. It is developed by Redhat and NSA and released around 1998.
- It is an additional layer of security services on top of the standard Linux DAC (Discretionary access control) User/Group based permissions.
- It adds protection to your Linux operating system by not allowing everything that has not been specifically allowed.
- It is an open-source application that protects the host by isolating each application and confining its activities.
- By default, Ubuntu uses AppArmor and not SELinux,
Disable SELinux on Ubuntu:
- By default, it is installed in Ubuntu and you can validate by running the following command:
sestatusSELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
As we can see SELinux is enabled.
Disable SELinux Temporarily:
- The following methods only works until the system does not reboot.
- It will update for the current shell.
# echo 0 > /selinux/enforce or # setenforce 0
or # setenforce Permissive
Disable SELinux Permanently:
To permanently disable SELinux, use any text editor to open the file /etc/sysconfig/selinux
as follows and set:
SELINUX=disabled
- Update and close the file, and don’t forget reboot then only it will start working.
- After Reboot.
- Validate, it should look like below.
$ sestatusSELinux status: disabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
Thanks
Happy Learning!!