Disable SELinux for SAP HANA?


What is SELinux:

SELinux also called as Security Enhanced Linux is a prototype first developed by National Security Agency and it allows administrators to have more control over who can access the system.

SELinux determines the access control for various processes, applications & Files on Linux systems.

For this purpose it uses the security policies which contains rules to manage the access control.

SELinux and SAP HANA.

As per the recommended OS settings provided by SAP for RHEL 8, SELinux must be DISABLED for SAP HANA system on RHEL.

RedHat Linux uses SELinux technology which is enabled by default.

As there is no SELinux policy available for SAP HANA, if SELinux is left enabled , which may create problems for SAP HANA running on RHEL.

How to Disable SELinux in SAP

We can use getenforce command to check the SELinux mode on RHEL.

# getenforce

We cannot change the SELinux mode from Enforcing to Disabled on the running Linux system.
This will disable SELinux dynamically.

If we need to set SELinux mode permanently to Disabled, use below command followed by Server bounce.

# sed -i 's/\(SELINUX=enforcing\|SELINUX=permissive\)/SELINUX=disabled/g' /etc/selinux/config

This will change the file /etc/selinux/config such that all the SElinux parameter values other than disabled will be changed to this value.

Server reboot is must to make these changes effective.

Disclaimer: Above settings we performed were recommended by SAP in note which was last updated on 1-Apr 2020 version-14.
Please refer to the latest updated notes as SAP updates Notes frequently.