Table of Contents
SELinux is an acronym for Security-Enhanced Linux. It is a Linux kernel security feature for access control. For example, with the help of SELinux sysadmin can determine which Linux server users and apps can access resources.
How to disable SELinux permanently on a CentOS 7
The procedure to remove and disable SELinux security features is as follows:
1. Log in to your server using ssh.
2. Check the current SELinux status using command.
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
3. Disable SELinux permanently on CentOS 7 using the following command:
sed -i 's/enforcing/disabled/g' /etc/selinux/config
4. Reboot the CentOS 7 Linux server then run the command sestatus again to verify the SELinux was disabled.
reboot
# sestatus
SELinux status: disabled
ADVERTISEMENT
Disable SELinux on CentOS 7 temporarily
Note
Please note that is temporary solution to disable SELinux without rebooting the server and active for the current session only.
sudo setenforce 0
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive ###SELinux prints warnings instead of enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
Different types of security policy
# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
The /etc/selinux/config file controls the state of SELinux on the system.
can take one of these three values:
- enforcing – SELinux security policy is enforced.
- permissive – SELinux prints warnings instead of enforcing (disabled).
- disabled – No SELinux policy is loaded (disabled).
can take one of following:
- targeted – Targeted processes are protected.
- minimum – Modification of targeted policy. Only selected processes are protected.
- mls – Multi Level Security protection.
ADVERTISEMENT
5/5 - (1 vote)