How to Permanently Disable SELinux in Rocky Linux 9.2

To permanently disable SELinux in Rocky Linux 9.2

Introduction:

SELinux stands for Security-Enhanced Linux. It is a security feature implemented in certain Linux distributions, including Red Hat Enterprise Linux (RHEL), Fedora, CentOS, and others. SELinux provides an additional layer of security by enforcing mandatory access control (MAC) policies.

Installation Procedure:

Step 1: Check the version of OS by using the below command

[root@Linuxhelp ~]# cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.2 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.2 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.2"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"

Step 2: Check the status of SElinux by using the below command

 [root@Linuxhelp ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

Step 3: Install grubby Command, To disable SELinux in Red Hat Linux 9 based distros, by using the below command

 [root@Linuxhelp ~]# dnf install -y grubby
Last metadata expiration check: 2:16:33 ago on Fri 21 Jul 2023 03:58:16 PM IST.
Package grubby-8.40-63.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

Step 4: Execute the below command to permanently disable SELinux

 [root@Linuxhelp ~]# grubby --update-kernel ALL --args selinux=0

Step 5: Reboot your machine now by using the below command

 [root@Linuxhelp ~]# reboot

Step 6: Again, verify the status of SELinux by using the below command

 [root@Linuxhelp ~]# sestatus
SELinux status:                 disabled

SELinux has been permanently disabled.

Conclusion:

We have reached the end of this article. In this guide, we have walked you through the steps required to Permanently Disable SELinux in Rocky Linux 9.2. Your feedback is much welcome.

Tag : Linux SELinux Security
FAQ
Q
How can I manage SELinux policies on Rocky Linux 9.2?
A
You can use the semanage and semodule utilities to manage SELinux policies.
semanage allows you to configure SELinux policy modules and specific policy settings, while semodule helps manage SELinux policy modules.
Q
What are the different SELinux modes?
A
SELinux operates in three modes: enforcing, permissive, and disabled.
Q
How can I change the SELinux mode on Rocky Linux 9.2?
A
vi /etc/selinux/config
# Change SELINUX=enforcing to SELINUX=permissive
# Save the file and exit the editor
sudo reboot
After the reboot, SELinux will be in permissive mode.
Q
How can I check the status of SELinux on Rocky Linux?
A
You can check the SELinux status by running the following command in the terminal:
sestatus
Q
Is SELinux enabled by default on Rocky Linux 9.2?
A
Yes, SELinux is enabled by default on Rocky Linux 9.2. This means that when you install the operating system, SELinux will be in enforcing mode to provide a higher level of security