mirror of
https://pagure.io/fedora-docs/quick-docs.git
synced 2024-10-19 09:37:11 +00:00
51 lines
1.3 KiB
Text
51 lines
1.3 KiB
Text
// Module included in the following assemblies:
|
|
//
|
|
// changing-selinux-states-and-modes.adoc
|
|
|
|
[#{context}-disabling-selinux]
|
|
= Disabling SELinux
|
|
|
|
When SELinux is disabled, SELinux policy is not loaded at all; it is not enforced and AVC messages are not logged. Therefore, all benefits of running SELinux listed in link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/getting-started-with-selinux_using-selinux#benefits-of-selinux_getting-started-with-selinux[Benefits of SELinux] are lost.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
It is recommended to use permissive mode instead of permanently disabling SELinux. See xref:{context}-changing-to-permissive-mode[] for more information about permissive mode.
|
|
====
|
|
|
|
.Prerequisites
|
|
|
|
* The [package]`grubby` package is installed:
|
|
+
|
|
[subs="quotes"]
|
|
----
|
|
$ *rpm -q grubby*
|
|
grubby-_version_
|
|
----
|
|
|
|
.Procedure
|
|
|
|
To permanently disable SELinux:
|
|
|
|
. Configure your bootloader to add `selinux=0` to the kernel command line:
|
|
+
|
|
[subs="quotes"]
|
|
----
|
|
$ *sudo grubby --update-kernel ALL --args selinux=0*
|
|
----
|
|
|
|
. Restart your system:
|
|
+
|
|
[subs="quotes"]
|
|
----
|
|
$ *reboot*
|
|
----
|
|
|
|
.Verification step
|
|
|
|
* After reboot, confirm that the [command]`getenforce` command returns `Disabled`:
|
|
+
|
|
[subs="quotes"]
|
|
----
|
|
$ *getenforce*
|
|
Disabled
|
|
----
|