Security-Enhanced Linux

Last modified on March 24, 2023

If you have SELinux enabled, the StrongDM gateway installation will fail. You’ll need to set SELinux in permissive mode on each host before you attempt to deploy a gateway.

Disable SELinux

Security-Enhanced Linux, or SELinux, allows you to set access control through policies.

  1. Check the SELinux state: getenforce If the output is either Permissive or Disabled, you should be set. If the output is enforcing, continue to the next step.
  2. There are two ways that you can disable SELinux - either by editing a config file, or by using the setenforce command
    1. If editing the config file, Open the /etc/selinux/config file (in some systems, the /etc/sysconfig/selinux file).
    2. Change the line SELINUX=enforcing to SELINUX=permissive.
    3. Save and close the file.
    4. Reboot your system
  3. If using the setenforce simply run the command sudo setenforce 0
  4. After performing either of the above methods, check again using getenforce
    $ getenforce
Permissive

Re-Enable SELinux

Once you’ve deployed a gateway, you’ll want to re-enable SELinux. This is just a reverse of the disabling process..

  1. Check the SELinux state: getenforce If the output is Enforcing, SELinux is already enabled. If the output is Permissive or Disabled, continue to the next step.
  2. There are two ways that you can re-enable SELinux - either by editing a config file, or by using the setenforce command
    1. If editing the config file, Open the /etc/selinux/config file (in some systems, the /etc/sysconfig/selinux file).
    2. Change the line SELINUX=permissive to SELINUX=enforcing.
    3. Save and close the file.
    4. Reboot your system
  3. If using the setenforce, simply run the command sudo setenforce 1.
  4. After performing either of the above methods, check again using getenforce
    $ getenforce
Enforcing