HowTo: Turn off SELinux

Posted on in Categories last updated June 6, 2012

How do I turn off SELinux (Security-Enhanced Linux) under Linux operating systems?

Open a command-line terminal (select Applications > Accessories > Terminal), and then type the following command. Alternatively, you can login using ssh to remote system and type the same command. You must be root to type the following command:
# echo 0 >/selinux/enforce
You can also use the setenforce command to effectively disable it, enter:
# setenforce Permissive
OR
# setenforce 0
The above commands will switch off SELinux enforcement temporarily until the machine is rebooted. If you would like to make it permanently, edit /etc/sysconfig/selinux, enter:
# vi /etc/sysconfig/selinux
And set / update it as follows:
SELINUX=disabled
Save and close the file. The above will only work in CentOS, Fedora and RedHat Enterprise Linux systems. For all other Linux distros edit your boot loader config file (LILO or GRUB boot loader config file such as /boot/grub/grub.conf). Find the kernel line, append enforcing=0 at the end:

title Red Hat Enterprise Linux Server (2.6.18-194.26.1.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-194.26.1.el5 ro root=LABEL=/ console=tty0 console=ttyS1,19200n8 enforcing=0
        initrd /initrd-2.6.18-194.26.1.el5.img

Finally, reboot the system:
# reboot

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

Share this on:

8 comment

  7. Thanx! This was *really* helpful post. I had toggled some SELinux boolean values to try to get my CGI scripts working in Apache, and accidentally toggled “secure_mode_policyload” to true. This was a bad mistake, as it meant I had locked-down the machine (I had used the GUI in Gnome).. and of course any attempt to reset it back to zero, was no longer possible. This meant my Linux box was locked down, with no way for even root to change SELinux from “Enforcing” mode! Trying to set policy values gives weird error messages. I had to use Grub editor at boot time, to assert the “enforcing=0” parameter to vmlinuz (kernel startup). Dumb error on my part, but it took a lot of google-searching before I found this post. Using Grub, I put “enforcing=0” on the vmlinuz cmd line (boot parameters), and managed to recover control of my own machine. IMHO, SELinux is toxic, but given nature of modern security breaches, looks like we have to use it. But I still cannot get my CGI scripts to run in Apache, unless I set SELinux to “permissive”, so this saga is not over yet. Thanx for posting this info.

    Reply Report comment

Leave a Comment

Tagged as: Tags , , , , , , , , , , , , , , , , , , ,