How To Turn off SELinux using command line

How do I turn off SELinux (Security-Enhanced Linux) under Linux operating systems?

SELinux is an acronym for Security-Enhanced Linux. It is a Linux kernel security feature for access control. SELinux is an implementation of a mandatory access control mechanism in the Linux kernel and was developed by NSA. Security-enhanced Linux is a reference implementation of the Flask security architecture for flexible mandatory access control. It was created to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system. This guide shows how to turn off SELinux running on Linux operating systems.

ADVERTISEMENTS

How To Turn off SELinux

Open a command-line terminal (select Applications > Accessories > Terminal), and then type the following command. Alternatively, you can login using ssh to remote system and type the same command. You must be root to type the following command:
# echo 0 >/selinux/enforce
You can also use the setenforce command to effectively disable it, enter:
# setenforce Permissive
OR
# setenforce 0
The above commands will switch off SELinux enforcement temporarily until the Linux box is rebooted.
Ho to turn off SELinux

To Turn off SELinux security features

If you would like to make it permanently, edit the /etc/sysconfig/selinux or /etc/selinux/config file, enter:
# vi /etc/sysconfig/selinux
And set / update it as follows:
SELINUX=disabled
Save and close the file. The above will only work in CentOS, Fedora and RedHat Enterprise Linux systems. For all other Linux distros edit your boot loader config file (LILO or GRUB boot loader config file such as /boot/grub/grub.conf). Find the kernel line, append enforcing=0 at the end:

title Red Hat Enterprise Linux Server (2.6.18-194.26.1.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-194.26.1.el5 ro root=LABEL=/ console=tty0 console=ttyS1,19200n8 <span style='color: rgb(255, 0, 0);'>enforcing=0</span>
        initrd /initrd-2.6.18-194.26.1.el5.img

Reboot the Linux server

Finally, reboot the system:
# reboot
Verify that SELinux has been disabled in your system by typing the following two commands:
$ sestatus
$ getenforce

Disabled

Conclusion

I hope you learned how to turn off SELinux using command line options. For more info see:

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
8 comments… add one
  • Collin Jun 6, 2012 @ 13:13

    Your intro has a typo, you put of instead of off.

    How do I turn of SELinux (Security-Enhanced Linux) under Linux operating systems?

    Great website, keep it up.

  • 🐧 nixCraft Jun 6, 2012 @ 13:31

    @Collin,

    The faq has been updated. I appreciate your feedback.

  • Map Mar 15, 2014 @ 10:46

    Is it possible to disable selinux for specific filesystem or directory ? And rest of system will use selinux in enforncing mode.

  • ugis Jul 26, 2014 @ 19:51

    Have same problem but SELinux is not even installed, Any other ideas to solve this problem?
    Thanks

  • Divo Jan 31, 2016 @ 13:34

    Thanks for the post. This problem took many hours.

  • kindyslam Mar 31, 2016 @ 2:01

    Thanks a bunch. This post was really helpful

  • Russel Future Nov 17, 2016 @ 17:18

    Thanx! This was *really* helpful post. I had toggled some SELinux boolean values to try to get my CGI scripts working in Apache, and accidentally toggled “secure_mode_policyload” to true. This was a bad mistake, as it meant I had locked-down the machine (I had used the GUI in Gnome).. and of course any attempt to reset it back to zero, was no longer possible. This meant my Linux box was locked down, with no way for even root to change SELinux from “Enforcing” mode! Trying to set policy values gives weird error messages. I had to use Grub editor at boot time, to assert the “enforcing=0” parameter to vmlinuz (kernel startup). Dumb error on my part, but it took a lot of google-searching before I found this post. Using Grub, I put “enforcing=0” on the vmlinuz cmd line (boot parameters), and managed to recover control of my own machine. IMHO, SELinux is toxic, but given nature of modern security breaches, looks like we have to use it. But I still cannot get my CGI scripts to run in Apache, unless I set SELinux to “permissive”, so this saga is not over yet. Thanx for posting this info.

  • Steve Savasky Dec 11, 2016 @ 0:39

    Samba 3 will not authenticate if SELINUX
    is enabled.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.