19.Laptop Bed

Let’s run a few commands to disable or turn off the SELinux on Rocky Linux 8 using the command terminal.

SELinux is now the standard in the Linux environment when it comes to the use of mandatory access control. Initially, the system had a reputation for being difficult to configure and only usable for experts. Those days are over. SELinux can now also be used and configured by “ordinary” admins.

Well, in a conventional system, there are many different programs that all need to run with root privileges in order to be able to do their job, but should not have full root privileges (why should Apache have access to the mail pool files, for example?). SELinux is based on the TE principle (Type Enforcement): all resources are assigned to specific domains and access rules are defined on them. In short- all files are labeled, i.e. assigned to a specific domain; this means, for example, that all files belonging to Apache can be assigned the “apache_t” type. The Apache binary is also plugged into this domain. If the rest of the system is set up correctly, Apache can only access the data that is in its domain; any access to files located within other domains (e.g. “postfix_t”) is prevented by the kernel.