Unable to disable SELinux


The SELINUX=disabled option in the /etc/selinux/config file was removed from the kernel with the RHEL9.0 release. The system boots up with SELinux enabled but no policy loaded if SELINUX=disabled is defined in /etc/selinux/config.

  • The only way to turn it off is to run the kernel with the selinux=0 option.
  • Use grubby to ensure that the bootloader always boots with selinux=0.

# grubby --update-kernel ALL --args selinux=0

  • To restore SELinux to its default state, follow these steps.

# grubby --update-kernel ALL --remove-args selinux

Please note support for disabling SELinux through /etc/selinux/config has been removed in CentOS 9, and AlmaLinux 9.

Leave a Reply