KVM Administration Guide

SELinux

SELinux is already disabled in the kernel command line, thanks to GRUB. Therefore, the /etc/sysconfig/selinux settings are ignored. The following changes reinforce this and are considered good practice.

If you must have SELinux enabled as part of your build standard, you can enable it. However, this may impact overall performance.

[root@rhel-tiger-14-6 ~]# sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config

[root@rhel-tiger-14-6 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

  • SELINUX=disabled: disables SELinux.

You can check SELinux status using one of the following commands:

[root@rhel-tiger-14-6 ~]# sestatus
SELinux status:                 disabled
[root@rhel-tiger-14-6 ~]# getenforce
Disabled
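
The following audit script is an added example, not part of the Fortinet guide. It compares the boot-time setting with the configuration file so that a mismatch between the two is reported instead of staying hidden. It assumes the kernel command line disables SELinux with the selinux=0 parameter; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): compare boot-time and on-disk SELinux settings.

# Boot-time setting from a kernel command line file: disabled, enabled, or unset.
cmdline_state() {
    state=unset
    for arg in $(cat "$1"); do
        case "$arg" in
            selinux=0) state=disabled ;;
            selinux=1) state=enabled ;;
        esac
    done
    echo "$state"
}

# Value of the first uncommented SELINUX= line in a config file (empty if none).
config_state() {
    sed -n 's/^SELINUX=\([a-z]*\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Verdict: do the two sources agree that SELinux stays off?
audit_selinux() {
    boot=$(cmdline_state "$1")
    conf=$(config_state "$2")
    if [ "$boot" = disabled ] && [ "$conf" = disabled ]; then
        echo "consistent: disabled at boot and in config"
    elif [ "$boot" = disabled ]; then
        echo "drift: boot disables SELinux, config says '${conf:-unset}' (ignored while selinux=0 is present)"
    else
        echo "config-driven: no selinux=0 at boot, config says '${conf:-unset}'"
    fi
}

# Constructed sample inputs so the example runs offline.
demo_dir=$(mktemp -d)
echo 'BOOT_IMAGE=/vmlinuz root=/dev/mapper/rhel-root ro selinux=0 quiet' > "$demo_dir/cmdline"
printf '# comment\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo_dir/config"
audit_selinux "$demo_dir/cmdline" "$demo_dir/config"

# Apply the guide's sed edit to the sample, then re-check.
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' "$demo_dir/config"
audit_selinux "$demo_dir/cmdline" "$demo_dir/config"
```

On a live host, call audit_selinux /proc/cmdline /etc/selinux/config to check the real settings.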