How to Configure SELinux on CentOS Stream 9

To configure SELinux on CentOS Stream 9, follow the steps below.

Step 1 : SELinux is enabled by default. Check the current status using the command:


Step 2 : Display SELinux status details:


Step 3 : SELinux Modes:

  • Enforcing: Enforces access controls and denies policy violations.
  • Permissive: Logs policy violations but allows them to occur.
  • Disabled: SELinux is turned off.

Step 4 : Disable SELinux:

- Disable enforcement temporarily (setenforce 0 switches SELinux to Permissive mode until the next reboot):

setenforce 0

- Disable permanently:

Edit /etc/selinux/config

And set SELINUX=disabled.

- If disabled permanently, reboot the system.

Step 5 : Check the status again:


Step 6 : Basic SELinux Configuration (Example using Apache):

- Install Apache:

sudo yum install httpd

- Edit /etc/httpd/conf/httpd.conf and add:

Listen 8001

- Create a custom configuration for port 8001 and set the root folder to /home/. Create a new configuration file: /etc/httpd/conf.d/

<VirtualHost *:8001>
    DocumentRoot /home/

    <Directory "/home/">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

- Create the index file and set permissions using chmod:

mkdir /home/
echo "Hello, SELinux!" > /home/
sudo chown -R apache:apache /home/
chmod -R 755 /home/

- Test the configuration:

apachectl configtest

- If using a firewall, open the configured port:

sudo firewall-cmd --permanent --add-port=8001/tcp
sudo firewall-cmd --reload

- Install policycoreutils-python-utils, which provides the semanage command:

sudo yum install policycoreutils-python-utils

- View the current port settings:

semanage port -l

- Filter and check for the port type:

semanage port -l | grep -w http_port_t

- Add a new port context:

sudo semanage port -a -t http_port_t -p tcp 8001

- Verify the port settings:

semanage port -l | grep -w http_port_t

- Restart Apache:

sudo systemctl restart httpd

- Add a file-context rule so the web root and everything under it is labeled httpd_sys_rw_content_t:

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/home/(/.*)?"

- Apply the changes:

sudo restorecon -R -v /home/

- Visit in a web browser.
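
Added example (not part of the original guide): semanage port -a refuses a port that already has its own entry under another type, and -m is needed instead. The functions below parse `semanage port -l` output to pick the right action; the function names and the sample listing are constructed for illustration.

```bash
# Constructed sample in the layout `semanage port -l` prints (type, proto, ports).
sample_ports() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
unreserved_port_t              tcp      1024-32767, 61001-65535
EOF
}

# port_types PROTO PORT: reads a listing on stdin and prints one line per
# matching type, "<type> exact" for a single-port entry or "<type> range".
port_types() {
  awk -v proto="$1" -v port="$2" '
    $2 == proto {
      for (i = 3; i <= NF; i++) {
        item = $i; sub(/,$/, "", item)
        n = split(item, r, "-")
        if (n == 1 && r[1] + 0 == port + 0) print $1, "exact"
        else if (n == 2 && port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) print $1, "range"
      }
    }'
}

# port_action TYPE PROTO PORT: reads a listing on stdin and prints the
# semanage action to use: "none", "-m" or "-a".
port_action() {
  matches=$(port_types "$2" "$3")
  if printf '%s\n' "$matches" | grep -q "^$1 "; then
    echo "none"   # the wanted type already covers this port
  elif printf '%s\n' "$matches" | grep -q " exact\$"; then
    echo "-m"     # port has its own entry under another type: modify it
  else
    echo "-a"     # only broad ranges (or nothing) cover it: add a new entry
  fi
}

# On a real host: semanage port -l | port_action http_port_t tcp 8001
```

The type match is anchored at the start of the line for the same reason the guide uses grep -w: pegasus_http_port_t must not be counted as http_port_t.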

Congratulations! Your SELinux configuration for CentOS Stream 9 is now complete.