Table of Contents
Disable SELinux on CentOS 7
SELinux stands for Security Enhanced Linux. SELinux mainly used to control access to files, users, applications and network resources in the Linux. It allows access to files, users, etc. following SELinux rules. In the CentOS system, SELinux by default enabled. In this tutorial, we are going to learn how to disable SELinux on CentOS 7.
Following are the modes in SELinux:
- Enforcing Mode: Here in this mode, SELinux is enabled and access allowed following SELinux Rules.
- Permissive Mode: In this mode, SELinux allows applications whatever they want to do. If they are doing things which are not allowed in SELinux Rules then it will keep logs for that.
- Disabled: SELinux is disabled in this mode.
Before you start to Disable SELinux on CentOS 7. You must have a non-root user account on your server with sudo privileges.
1.Checking the SELinux Status
First, you should check the status of SELinux is enabled or disabled in your CentOS system. To check the status of SELinux run below command:
The output should be:
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28
2. Temporarily Disable SELinux
You can temporarily change SELinux mode from targeted to permisive using below command. After reboot it will start again:
sudo setenforce 0
You can see the output like given below:
SELinux status: disabled
3. Permanently Disable SELinux
You can permanently disable SELinux by editing
/etc/selinux/config file using the following command:
sudo nano /etc/selinux/config
Edit file and change SELINUX value from
disabled in above file. You will see file after editing like given below:
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded.
SELINUX=disabled# SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
Now reboot your system running the following command to make changes permanent:
After the above reboot process completes, check the SELinux status by running the following command:
SELinux status: disabled
You have successfully learned how to disable SELinux on CentOS 7. If you have any queries please don’t forget to comment out.