How to disable/enable SELinux on Ubuntu 20.04 Focal Fossa Linux

by

The objective of this article is to install, enable and disable SELinux on Ubuntu 20.04 Focal Fossa Linux.

WARNING
Make sure that you know what you are doing! Ubuntu offers AppArmor as an alternative to SELinux. While SELinux is available on Ubuntu, it is rather in an experimental stage and most likely will beak your system if set to enforcing mode. In case you must use SELinux, make sure to disable AppArmor first. Also set SELinux first to permissive mode and check your logs for potential issues before you enable enforcing mode. If needed, you can always disable selinux and revert back to AppArmor.

In this tutorial you will learn:

Enabled SELinux on Ubuntu 20.04 Focal Fossa Linux

Enabled SELinux on Ubuntu 20.04 Focal Fossa Linux

Software Requirements and Conventions Used

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Installed Ubuntu 20.04 or upgraded Ubuntu 20.04 Focal Fossa
Software SELinux
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

How to disable/enable SELinux on Ubuntu 20.04 step by step instructions

Enable SELinux

  1. The first step is to install SELinux. Use the aptcommand to install the following packages: 
    $ sudo apt install policycoreutils selinux-utils selinux-basics
  2. Activate SELinux: 
    $ sudo selinux-activate
  3. Next, set SELinux to enforcing mode: 
    $ sudo selinux-config-enforcing
    Activate SELinux and set to Enforcing mode

    Activate SELinux and set to Enforcing mode

  4. Reboot your system. The relabelling will be triggered after you reboot your system. When finished the system will reboot one more time automatically.
    5. SELinux Relabelling on Ubuntu 20.04

    SELinux Relabelling on Ubuntu 20.04

  5. Check the selinux status:

    $ estatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             default
Current mode:                   enforcing
Mode from config file:          error (Success)
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     requested (insecure)
Max kernel policy version:      31

Disable SELinux

  1. To disable SELinux open up the /etc/selinux/config configuration file and change the following line: 
    FROM:
SELINUX=enforcing
TO:
SELINUX=disabled
  2. Reboot your system.

Related Posts: