AlmaLinux 10

How to Configure SELinux on AlmaLinux 10

To configure SELinux on AlmaLinux 10, follow the steps below to understand its modes, adjust settings, and work with SELinux when running services like Apache.

Step 1 : Check SELinux Status (Default Enabled)

By default, SELinux is enabled. Verify its current mode with:

getenforce

Step 2 : View Detailed SELinux Status

sestatus

Step 3 : SELinux Modes Explained

- Enforcing – SELinux policies are fully enforced. Unauthorized actions are blocked.

- Permissive – Actions are allowed but logged. Useful for debugging.

- Disabled – SELinux is turned off completely.

Step 4 : Disable SELinux (Only If Necessary)

- Temporarily Disable SELinux

sudo setenforce 0

- Permanently Disable SELinux

Edit the config file:

sudo nano /etc/selinux/config

Change:

SELINUX=disabled

- Reboot Required : After permanent changes:

sudo reboot

Step 5 : Verify SELinux Status

After reboot (or change):

sestatus

Step 6 : Example — Configure Apache to Use a Custom Port and Directory Under SELinux

- Install Apache (httpd)

sudo dnf install httpd -y

- Edit Apache Config to Listen on Port 8001

Edit:

sudo nano /etc/httpd/conf/httpd.conf

Add:

Listen 8001

- Create a Virtual Directory and Custom Document Root

Example directory:

sudo mkdir -p /home/example.com

Create virtual host file:

sudo nano /etc/httpd/conf.d/example.conf

Add:

<VirtualHost *:8001>
    ServerAdmin webmaster@example.com
    ServerName example.com
    DocumentRoot /home/example.com

    <Directory "/home/example.com">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

- Create Index File and Set Permissions

echo "Hello SELinux Test" | sudo tee /home/example.com/index.html
sudo chmod -R 755 /home/example.com

Test Apache Configuration

sudo apachectl configtest

- Open Firewall Port (If FirewallD Is Enabled)

sudo firewall-cmd --permanent --add-port=8001/tcp
sudo firewall-cmd --reload

- Install SELinux Management Tools

sudo dnf install policycoreutils-python-utils -y

- List Current HTTP Ports

semanage port -l | grep -w http_port_t

- Add New Port (8001) to SELinux

sudo semanage port -a -t http_port_t -p tcp 8001

- Verify Port Was Added

semanage port -l | grep 8001

- Restart Apache

sudo systemctl restart httpd

- Apply Correct SELinux Context to Custom Directory

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/home/example.com(/.*)?"

- Apply New SELinux Label

sudo restorecon -R /home/example.com

- Access the Website : Open in browser:

http://your-domain-or-ip:8001

You should see your test page.

Congratulations, You have successfully configured SELinux on AlmaLinux 10, adjusted policies, and set up Apache to run on a custom port and directory under SELinux rules.