CentOS / RHEL: Disable or Enable SELinux Policy Modules

last updated in Categories

How do I disable or enable SELinux policy modules under Red Hat Enterprise Linux running on Dell hardware?

You need to use the semodule command. This command is used to manage SELinux policy modules, including installing, upgrading, listing, disabling and removing modules.

Task: See currently installed modules

Type the following command as the root user:

semodule -l 
semodule -l | more
semodule | less

Sample outputs:

abrt    1.2.0   
accountsd       1.0.0   
ada     1.4.0   
afs     1.5.3   
aiccu   1.0.0   
aide    1.5.0   
aisexec 1.0.0   
amanda  1.12.0  
amavis  1.10.3  
amtu    1.2.0   
apache  2.1.2   
apcupsd 1.6.1   
arpwatch        1.8.1   
asterisk        1.7.1   
audioentropy    1.6.0   
automount       1.12.1  
avahi   1.11.2  
awstats 1.2.0   
bind    1.10.2  
bitlbee 1.2.1   
bluetooth       3.2.2   
....
..
..
 Output truncated
....
..
uuidd   1.0.0   
varnishd        1.1.0   
vdagent 1.0.0   
vhostmd 1.0.0   
virt    1.4.0   
vmware  2.2.0   
vpn     1.12.0  
w3c     1.0.0   
wdmd    1.0.0   
webadm  1.1.0   
webalizer       1.10.0  
wine    1.6.1   
xen     1.9.2   
xfs     1.6.0   
xguest  1.0.1   
zabbix  1.2.0   
zarafa  1.0.0   
zebra   1.10.1  
zosremote       1.1.0   

Task: SELinux disable module

To disable existing module, type:

semodule -d MODULE_NAME_HERE

OR

semodule --disable=MODULE_NAME_HERE

To disable module called webalizer, enter:
# semodule -v -d webalizer
To verify new settings, enter:
# semodule -l | grep webalizer
Sample outputs:

RHEL / CentOS: semodule Command Manage SELinux policy
Fig.01: semodule command disabling SELinux policy module

Task: SELinux enable module

To enable existing module, type:

semodule -e MODULE_NAME_HERE

OR

semodule --enable=MODULE_NAME_HERE

To enable module called webalizer, enter:
# semodule -v -e webalizer
Sample outputs:

Attempting to enable module 'webalizer':
Ok: return value of 0.
Committing changes:
Ok: transaction number 0.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Share this on (or read 1 comments/add one below):

1 comment

    Have a question? Post it on our forum!