Disable Selinux on CentOS 7

Selinux stands for Secutiry-Enahanced Linux (https://en.wikipedia.org/wiki/Security-Enhanced_Linux). Selinux is a Linux kernel security module that provides a mechanism for supporting access control security policies. A Linux kernel integrating SELinux enforces mandatory access control policies that confine user programs’ and system servers’ access to files and network resources.
Some times for testing purpose it can be disabled on the local systems.

The Selinux status can be checked with sestatus command.

[root@cms ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[root@cms ~]#

The default selinux config file, looks like below.

[root@cms ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

In order to permanently disable selinux set enforcing to disabled in the config file and reboot the server.

SELINUX=disabled

[root@cms ~]# sestatus
SELinux status:                 disabled
[root@cms ~]#

Temporary disabling of selinux can be done with the below command setenforce and getenforce.

[root@cms ~]# setenforce 0

[root@cms ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[root@cms ~]#

[root@cms ~]# getenforce
Permissive
[root@cms ~]#

Hope, this will help you.

Leave a Reply

Your email address will not be published. Required fields are marked *