SELinux is an acronym for Security-Enhanced Linux. It is a Linux kernel security feature for access control. SELinux is an implementation of a mandatory access control mechanism in the Linux kernel and was developed by NSA. Security-enhanced Linux is a reference implementation of the Flask security architecture for flexible mandatory access control. It was created to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system. This guide shows how to turn off SELinux running on Linux operating systems.
How To Turn off SELinux
Open a command-line terminal (select Applications > Accessories > Terminal), and then type the following command. Alternatively, you can login using ssh to remote system and type the same command. You must be root to type the following command:
# echo 0 >/selinux/enforce
You can also use the setenforce command to effectively disable it, enter:
# setenforce Permissive
OR
# setenforce 0
The above commands will switch off SELinux enforcement temporarily until the Linux box is rebooted.
To Turn off SELinux security features
If you would like to make it permanently, edit the /etc/sysconfig/selinux or /etc/selinux/config file, enter:
# vi /etc/sysconfig/selinux
And set / update it as follows:
SELINUX=disabled
Save and close the file. The above will only work in CentOS, Fedora and RedHat Enterprise Linux systems. For all other Linux distros edit your boot loader config file (LILO or GRUB boot loader config file such as /boot/grub/grub.conf). Find the kernel line, append enforcing=0 at the end:
title Red Hat Enterprise Linux Server (2.6.18-194.26.1.el5) root (hd0,0) kernel /vmlinuz-2.6.18-194.26.1.el5 ro root=LABEL=/ console=tty0 console=ttyS1,19200n8 <span style='color: rgb(255, 0, 0);'>enforcing=0</span> initrd /initrd-2.6.18-194.26.1.el5.img |
Reboot the Linux server
Finally, reboot the system:
# reboot
Verify that SELinux has been disabled in your system by typing the following two commands:
$ sestatus
$ getenforce
Disabled
Conclusion
I hope you learned how to turn off SELinux using command line options. For more info see:
- Disable SELinux on CentOS 7 / RHEL 7 / Fedora Linux
- SELinux wiki page here
8 comment
Your intro has a typo, you put of instead of off.
How do I turn of SELinux (Security-Enhanced Linux) under Linux operating systems?
Great website, keep it up.
@Collin,
The faq has been updated. I appreciate your feedback.
Is it possible to disable selinux for specific filesystem or directory ? And rest of system will use selinux in enforncing mode.
Have same problem but SELinux is not even installed, Any other ideas to solve this problem?
Thanks
Thanks for the post. This problem took many hours.
Thanks a bunch. This post was really helpful
Thanx! This was *really* helpful post. I had toggled some SELinux boolean values to try to get my CGI scripts working in Apache, and accidentally toggled “secure_mode_policyload” to true. This was a bad mistake, as it meant I had locked-down the machine (I had used the GUI in Gnome).. and of course any attempt to reset it back to zero, was no longer possible. This meant my Linux box was locked down, with no way for even root to change SELinux from “Enforcing” mode! Trying to set policy values gives weird error messages. I had to use Grub editor at boot time, to assert the “enforcing=0” parameter to vmlinuz (kernel startup). Dumb error on my part, but it took a lot of google-searching before I found this post. Using Grub, I put “enforcing=0” on the vmlinuz cmd line (boot parameters), and managed to recover control of my own machine. IMHO, SELinux is toxic, but given nature of modern security breaches, looks like we have to use it. But I still cannot get my CGI scripts to run in Apache, unless I set SELinux to “permissive”, so this saga is not over yet. Thanx for posting this info.
Samba 3 will not authenticate if SELINUX
is enabled.