SELinux
SELinux is already disabled in the kernel command line, thanks to GRUB. Therefore, the /etc/sysconfig/selinux
settings are ignored. The following changes reinforce this and are considered good practice.
If you must have SELinux enabled as part of your build standard, you can enable it. However, this may impact overall performance.
[root@rhel-tiger-14-6 ~]# sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config [root@rhel-tiger-14-6 ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
SELINUX=disabled
: disable SELinux.
You can check SELinux status using one of the following commands:
[root@rhel-tiger-14-6 ~]# sestatus SELinux status: disabled
[root@rhel-tiger-14-6 ~]# getenforce Disabled