SELinux (Security Enhanced Linux) is a kernel security module that provides pre-built security features for Linux. It is a great utility for access control-based security policies. It also defines how processes communicate with each other and also with files. It is advisable to keep SELinux on, especially in production systems. But, if for some reason, you are facing issues with SELinux, you can disable it. In this article, we will learn how to disable SELinux in CentOS & RHEL.
How to Disable SELinux in CentOS & RHEL
Bu default, there are three modes for SELinux:
- Enforcing – All SELinux policies are enforced
- Permissive – Access is allowed but warnings are issued for rule violation
- Disabled – No SELinux policies are enforced
Check SELinux Status
First of all, check SELinux status with the following command.
$ sestatus OR $ getenforce
You will see output similar to the following. The first line will indicate its status and the ‘Current Mode’ will indicate its current mode.
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33
Disable SELinux on RHEL/CentOS
To disable SELinux, open its configuration file in text editor.
$ sudo nano /etc/selinux/config
Add/Modify SELINUX variable to disabled.
Save and exit the file. Reboot your system to apply changes. If you want to re-enable SELinux, just change the above SELinux variable to enforcing.
You may also set it to Permissive mode as shown below. There are two ways to do this – temporarily or permanently.
Set SELinux to Permissive Mode (Temporary)
In this case, the SELinux policies will not be enforced but warnings will be issues in case of policy violations. You can temporarily set SELinux to permissive mode with the following commands.
$ sudo setenforce 0 OR $ sudo setenforce Permissive
In this case, when you reboot your system, the permissive mode will be disabled and SELinux will start enforcing policies.
If you want to permanently set SELinux to Permissive mode, you need to modify its configuration file as shown below.
Set SELinux to Permissive Mode (Permanent)
For this purpose, open SELinux configuration file in a text editor.
$ sudo vi /etc/selinux/config
Set the SELinux to permissive.
Save and exit the file. Now when you reboot the system, SELinux will be in permissive mode.
In this article, we have learnt how to disable SELinux as well as how to set it to permissive mode.
How to Setup SSH Tunneling
How to Save Terminal History in Linux
How to Delete All Instances of Character from String in Python
How to Randomly Select Item from List in Python
How to Concatenate Strings in MySQL