First of all, let's take a short break description of SELinux. What is SELinux and what is the role it plays on the Linux operating system?
SELinux is a kernel security module, which has the role of controlling the access of software applications and users, on the operating system. Launched somewhere around the middle of 2000, SELinux has become over the years present on more and more Linux distributions.
The activity of this module consists in the distribution and control of the security policies in the system, limiting the access of the applications at the level of major subsystems of the kernel.
This security mechanism works independently of the traditional systems for controlling and blocking suspicious activities, present on Linux. Unable to be actively controlled by the "root" superuser and without interaction with applications or third-party scripts, SELinux offers stability to the core.
The security of a Linux system without this SELinux module will automatically depend on the correct configuration of the kernel, the applications with running privileges and their configurations. . A simple error of one of these elements mentioned above can compromise the correct functioning of the entire system.
In conclusion, SELinux can be called a true guardian of Linux operating systems, ensuring integrity, security and stability. Do not confuse this module with an antivirus or firewall. It's totally different.
Users who use Linux for web and cloud servers know that SELinux can have problems running software applications with access and control system privileges.
SELinux can control the operating system activities for each user, application and daemon separately, and enforce precise security policies and restrictions. This can often be a problem for web servers, where most software-specific processes have privileges and interact with the operating system kernel.
Those who have decided to disable this kernel module, often fail to modify the directive, which makes it impossible to load SELinux when restarting the operating system. "Failed to load SELinux policy"
I showed in one how to disable SELinux, to prevent the interruption of the NGINX process on a web server.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
# SELINUXTYPE= can take one of three two values:
# targeted – Targeted processes are protected,
# minimum – Modification of targeted policy. Only selected processes are protected.
# mls – Multi Level Security protection.
An error that we inadvertently made, and being a remote server, the solution was in complete reinstallation of the operating system. If you are more fortunate, you can correct SELinux only if you have a DVD at hand or you can upload the ISO image of the operating system in "rescue" mode.
Failed to load SELinux Policy is found especially on CentOS 6 and CentOS 7, RHEL 7.x.