SELinux is an acronym for Security-Enhanced Linux. It is a Linux kernel security feature for access control. For example, with the help of SELinux sysadmin can determine which Linux server users and apps can access resources. SELinux is an implementation of a mandatory access control mechanism in the Linux kernel and was developed by NSA. This page shows how to disable SELinux security feature on a CentOS / RHEL and Fedora Linux.
How to disable SELinux on a CentOS 7 / RHEL 7 / Fedora Linux
The procedure to remove and disable SELinux security features is as follows:
- Log in to your server
- Check the current SELinux status, run: sestatus
- To disable SELinux on CentOS 7 temporarily, run: sudo setenforce 0
- Edit the /etc/selinux/config file and set the SELINUX to disabled
- Reboot the Linux server
- Verify it by running the sestatus and getenforce again
Let us see all commands, examples and usage in details.
How to find out SELinux status on CentOS 7
Run the following sestatus command
sestatus
Another option is to run the following command to print the current mode of SELinux
getenforce
Enforcing
Another option is to runt the following cat command:
cat /etc/selinux/config
Sample outputs:
SELINUX=enforcing SELINUXTYPE=targeted
Different types of security policy
The /etc/selinux/config file controls the state of SELinux on the system. SELINUX= can take one of these three values:
- enforcing – SELinux security policy is enforced.
- permissive – SELinux prints warnings instead of enforcing (disabled).
- disabled – No SELinux policy is loaded (disabled).
SELINUXTYPE= can take one of following:
- targeted – Targeted processes are protected.
- minimum – Modification of targeted policy. Only selected processes are protected.
- mls – Multi Level Security protection.
Warning: The author does not recommend disabling SELinux and is not responsible for security problems on your Linux-based server.
Disable SELinux
You can modify the mode SELinux is running in using the setenforce command. For example, to put SELinux in enforcing mode, run:
sudo setenforce Enforcing
sestatus
To put SELinux in permissive mode i.e. disabled mode:
sudo setenforce Permissive
sestatus
getenforce
Please note that is temporary solution to disable SELinux without rebooting the server and active for the current session only. Hence, use the following method for disabling SELinux forever.
Disabling SELinux permanently
Edit the /etc/selinux/config file, run:
sudo vi /etc/selinux/config
Set SELINUX to disabled:
SELINUX=disabled
Save and close the file in vi/vim. Reboot the Linux system:
sudo reboot
After reboot, make sure following commands gives Disabled output indicating that SELinux removed and disabled on your Linux server:
getenforce
sestatus
Conclusion
This page explained how to disable SELinux running on your CentOS 7, RHEL 7 and Fedora Linux. For more information, see this page here.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 1 comment... add one ↓
Category | List of Unix and Linux commands |
---|---|
File Management | cat |
Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
Network Utilities | dig • host • ip • nmap |
OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
Package Manager | apk • apt |
Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
Searching | grep • whereis • which |
User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Comments on this entry are closed.
Still got problems? Try our forum thread here.