The SELINUX=disabled option in the /etc/selinux/config file was removed from the kernel with the RHEL9.0 release. The system boots up with SELinux enabled but no policy loaded if SELINUX=disabled is defined in /etc/selinux/config.
- The only way to turn it off is to run the kernel with the selinux=0 option.
- Use grubby to ensure that the bootloader always boots with selinux=0.
# grubby --update-kernel ALL --args selinux=0
- To restore SELinux to its default state, follow these steps.
# grubby --update-kernel ALL --remove-args selinux
Please note support for disabling SELinux through /etc/selinux/config has been removed in CentOS 9, and AlmaLinux 9.