How to set SELinux to permissive mode permanently – Let’s do it!!
Wondering how to set SELinux to permissive mode permanently? We can help you with changing it.
SELinux is a security feature that is mainly designed to protect the server.
At Bobcares, we get requests on SELinux as a part of our Server Management Services.
Today, let’s see how our Support Engineers change SELinux to permissive mode permanently.
Explore more about SELinux
SELinux abbreviated as Security-Enhanced Linux is a common security feature in many servers. Basically, it allows the administrator to manage access controls for the applications, processes, and files on a system.
Also, it uses security policies, which are a set of rules. Generally, these rules tell SELinux what to access and what not to access.
Here are the 3 different types of modes available in SELinux:
1. Disabled Mode: It doesn’t load the SELinux policy at all when SELinux is in disabled status. Also, it enforces none of the policies and logs nothing.
2. Permissive Mode: Similarly, in this mode policy rules will not be enforced, but it keeps a log file for denial messages.
3. Enforcing Mode: Here, based on SELinux policy rules it denies access to users and programs.
As a matter of fact, the mode of SELinux in the server has direct influence on the purpose of the server. This is where the experience of our Dedicated Engineers comes handy for the customers.
How we set SELinux to permissive mode permanently?
Recently, one of our customers approached us with a query regarding SELinux. He said, he has to permanently change SELinux to permissive mode.
So, we suggested two methods.
1. Using /etc/selinux/config
In this method, we suggest customers edit the configuration file /etc/selinux/config. Here, we change the SELINUX value to “SELINUX=permissive”.
However, for the changes to reflect, we suggest the customers reboot the system.
2. Using the Kernel boot parameters at installation in SELinux.
Similarly, we use the Kernel boot parameter at boot to change the SELinux mode to permissive permanently.
In this case, we first edit the /etc/grub.conf file and add the option “selinux=1 enforcing=0” to the boot parameters.
# cat /etc/grub.conf ........ root (hd0,0) kernel /xxxx root= /dev/*** selinux=1 enforcing=0 .........
In either way, we can easily set SELinux to permissive mode permanently.
[Having trouble with SELinux? We can fix it for you.]
In short, we can permanently change SELinux to a permissive mode in two ways. Today we discussed in detail the different SELinux modes and saw how our Support Engineers set the modes for our customers.