disable selinux in redhat or centos linux

How to Disable SELinux in CentOS & RHEL

SELinux (Security Enhanced Linux) is a kernel security module that provides pre-built security features for Linux. It is a great utility for access control-based security policies. It also defines how processes communicate with each other and also with files. It is advisable to keep SELinux on, especially in production systems. But, if for some reason, you are facing issues with SELinux, you can disable it. In this article, we will learn how to disable SELinux in CentOS & RHEL.


How to Disable SELinux in CentOS & RHEL

Bu default, there are three modes for SELinux:

  • Enforcing – All SELinux policies are enforced
  • Permissive – Access is allowed but warnings are issued for rule violation
  • Disabled – No SELinux policies are enforced


Check SELinux Status

First of all, check SELinux status with the following command.

$ sestatus 
OR
$ getenforce

You will see output similar to the following. The first line will indicate its status and the ‘Current Mode’ will indicate its current mode.

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33 


Disable SELinux on RHEL/CentOS

To disable SELinux, open its configuration file in text editor.

$ sudo nano /etc/selinux/config

Add/Modify SELINUX variable to disabled.

SELINUX=disabled

Save and exit the file. Reboot your system to apply changes. If you want to re-enable SELinux, just change the above SELinux variable to enforcing.

SELINUX=enforcing

You may also set it to Permissive mode as shown below. There are two ways to do this – temporarily or permanently.


Set SELinux to Permissive Mode (Temporary)

In this case, the SELinux policies will not be enforced but warnings will be issues in case of policy violations. You can temporarily set SELinux to permissive mode with the following commands.

$ sudo setenforce 0 
OR
$ sudo setenforce Permissive 

In this case, when you reboot your system, the permissive mode will be disabled and SELinux will start enforcing policies.

If you want to permanently set SELinux to Permissive mode, you need to modify its configuration file as shown below.


Set SELinux to Permissive Mode (Permanent)

For this purpose, open SELinux configuration file in a text editor.

$ sudo vi /etc/selinux/config 

Set the SELinux to permissive.

SELINUX=permissive

Save and exit the file. Now when you reboot the system, SELinux will be in permissive mode.

In this article, we have learnt how to disable SELinux as well as how to set it to permissive mode.

Also read:

How to Setup SSH Tunneling
How to Save Terminal History in Linux
How to Delete All Instances of Character from String in Python
How to Randomly Select Item from List in Python
How to Concatenate Strings in MySQL

Leave a Reply

Your email address will not be published.