This tutorial shows how to disable SELinux in CentOS and other Linux distributions. You’ll also learn the basics of what SELinux is and why you should try to avoid disabling it.
Disabling SELinux: Quick Summary
If you already know about SELinux and are fully aware of the risks of disabling it, here’s how to do it.
- Open the config file /etc/selinux/config or its symbolic link /etc/sysconfig/selinux.
- Change the line from SELINUX=enforcing to SELINUX=disabled
- Restart the system or use setenforce 0 to invoke change immediately.
Read this article for more detailed information on what SELinux is, how to disable it and why disabling it is not always a good idea.
What is SELinux?
SELinux stands for Security Enhanced Linux. It is a labeling mechanism that protects files and other objects in the system from unauthorized processes, and also from authorized processes that do not have or need such access, to avoid misuse.
One can install SELinux in any existing Linux system. It will not be useful for every individual user, but it is essential for server systems.
How strict it is can be understood from the fact that with SELinux, even a hacked root-owned process can’t access files it has not been given access to.
How SELinux Works?
SELinux enforces the access policy that the kernel follows whenever a process needs to access a file or object. Under the policy, each file or process is assigned a label. So when a process with a label a:a
Note that disabling SELinux on a server brings back a lot of threats to the system. Be sure that you are doing this for a valid reason, not for convenience or because of speculation in articles.
Drawbacks of Disabling SELinux
On disabling SELinux, each process will have access to files as in a normal Linux System. Misuse of rights cannot be prevented. A hacked process can gain access to secret files which are not needed for its original purpose and might be misused. This is a serious issue.
If a process with root permission is compromised, then the entire system is at risk. What SELinux provides is more rigid security. Learn more about risks here.
Why would you want to disable SELinux if it’s a security feature?
Because extreme security features often become a pain. The same is true for SELinux.
Because it is way too strict on what files are accessible by what process, you’ll have a hard time making various services work properly on your server.
For example, if files in /var/lib are owned by root and with file permissions 000, the program that requires these files won’t run.
Also, when you are debugging an application, SELinux becomes a pain. Disabling it saves you a headache.
Disable SELinux in CentOS and other Linux distributions
You can disable SELinux using the following steps. Though these commands were tested in CentOS, they should work perfectly in Fedora and Red Hat Linux.
I think the same steps should be applicable to other Linux distributions as well. If not, please let us know in the comment section.
First, check the SELinux Status using
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
If SELinux is enabled and is in enforcing mode, you can disable it using these steps.
Step 1: Open the config file /etc/
Step 2: Change the line from
Step 3: Restart the system or use setenforce 0 to change SELinux mode for the current session and the change will be active on restart.
Note: To put SELinux in permissive mode, change the config file to have SELINUX=permissive
How to enable SELinux again?
As mentioned earlier, you may want to enable SELinux again after debugging your issue or deploying your application. In fact, temporarily disabling SELinux is perhaps the best idea.
You can re-enable SELinux by reverting the changes you made earlier.
Step 1: Open the /etc/selinux/config or the /etc/sysconfig/selinux file again.
Step 2: This time change the line to SELINUX=enforcing
Step 3: In the end, reboot the system or use the command
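As an added example (not part of the original article), the shell functions below perform the SELINUX= edit from the disable and re-enable steps on whichever file they are given, reject any value other than enforcing, permissive or disabled, and keep a backup of the original. The function names and the file-path parameter are assumptions of this example; the demo at the end runs on a constructed config file, not the live one.

```shell
#!/bin/sh
# Added example: read and change the SELINUX= line of an SELinux config file.
# Function names are hypothetical; the path is a parameter so a copy can be used.

# Print the mode from the last active SELINUX= line (comments and
# SELINUXTYPE= are ignored). Prints nothing if no such line exists.
get_selinux_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*$/\1/p' "$1" | tail -n 1
}

# Set the SELINUX= line of file $1 to mode $2, keeping the original as $1.bak.
set_selinux_mode() {
    cfg=$1
    mode=$2
    # Only the three modes this article mentions are accepted.
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    sed "s/^[[:space:]]*SELINUX=.*/SELINUX=$mode/" "$cfg.bak" > "$tmp" || return 1
    # Append the setting if the file had no active SELINUX= line.
    grep -q '^SELINUX=' "$tmp" || echo "SELINUX=$mode" >> "$tmp"
    # Overwrite in place (no rename) so owner, permissions and the file's
    # SELinux label stay as they were.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# Demo on a constructed config file, not the live /etc/selinux/config.
demo_dir=$(mktemp -d)
cat > "$demo_dir/config" <<'EOF'
# SELINUX= can take one of these three values:
#     enforcing, permissive, disabled
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
set_selinux_mode "$demo_dir/config" permissive   # while debugging
echo "while debugging: $(get_selinux_mode "$demo_dir/config")"
set_selinux_mode "$demo_dir/config" enforcing    # restore afterwards
echo "after debugging: $(get_selinux_mode "$demo_dir/config")"
rm -rf "$demo_dir"
```

The functions only edit the file; the mode of the running system is still changed with setenforce or a restart, as in Step 3.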
I hope I was able to clarify a few things about SELinux like permissive mode vs enforcing, disabling SELinux etc.
If you have questions or suggestions to improve this article, please let us know in the comment section below.