How to Disable SELinux on CentOS 7

How to Disable SELinux on CentOS 7
How to Disable SELinux on CentOS 7

Disable SELinux on CentOS 7

SELinux stands for Security Enhanced Linux. SELinux mainly used to control access to files, users, applications and network resources in the Linux. It allows access to files, users, etc. following SELinux rules. In the CentOS system, SELinux by default enabled. In this tutorial, we are going to learn how to disable SELinux on CentOS 7.

Following are the modes in SELinux:

  1. Enforcing Mode: Here in this mode, SELinux is enabled and access allowed following SELinux Rules.
  2. Permissive Mode: In this mode, SELinux allows applications whatever they want to do. If they are doing things which are not allowed in SELinux Rules then it will keep logs for that.
  3. Disabled: SELinux is disabled in this mode.

Prerequisites

Before you start to Disable SELinux on CentOS 7. You must have a non-root user account on your server with sudo privileges.

1.Checking the SELinux Status

First, you should check the status of SELinux is enabled or disabled in your CentOS system. To check the status of SELinux run below command:

sestatus

The output should be:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

2. Temporarily Disable SELinux

You can temporarily change SELinux mode from targeted to permisive using below command. After reboot it will start again:

sudo setenforce 0

You can see the output like given below:

SELinux status:                 disabled

3. Permanently Disable SELinux

You can permanently disable SELinux by editing /etc/selinux/config file.

Open /etc/selinux/config file using the following command:

sudo nano /etc/selinux/config

Edit file and change SELINUX value from enforcing to disabled in above file. You will see file after editing like given below:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled 
# SELINUXTYPE= can take one of these two values: 
# targeted - Targeted processes are protected, 
# mls - Multi Level Security protection. 
SELINUXTYPE=targeted

Now reboot your system running below command to make changes permanent:

sudo reboot

After reboot process completes, check the SELinux status by running the following command:

SELinux status:                 disabled

Conclusion

You have successfully learned how to disable SELinux on CentOS 7. If you have any queries please don’t forget to comment out.

LEAVE A REPLY

Please enter your comment!
Please enter your name here