How to Disable SELinux on CentOS 7

r00t January 12, 2018

Disable SELinux on CentOS 7

In this tutorial we’ll learn how to disable SELinux on CentOS 7. We will also install and configure its prerequisites. SELinux, an abbreviation of Security-Enhanced Linux, is a safety enhancement to the Linux operating system. It’s a tagging system that blocks many system capabilities in its default settings.

SELinux is quite beneficial for many users, but due to the administrative overhead, you might be better off only disabling it. The time spent adding rules and upgrading permissions on SELinux versus the added security benefit may not be worthwhile.

Note: SELinux is remarkably beneficial within a general Linux system safety strategy, and we recommend leaving it enabled in implementing manner in production environments where possible. If a particular program or package doesn’t work properly with SELinux customized adjustments could be made that is the favored option in contrast to simply disabling the whole thing.

I recommend to use a minimal CentOS server setup as a basis for the tutorial, that can be a virtual or a root server image with an CentOS 7 minimal install from a web hosting company or you use our minimal server tutorial to install a server from scratch.

SELinux Basics

A fast overview of the 3 different SELinux modes. SELinux can be in implementing, permissive, or handicapped manner.

  • Enforcing:
    This is the default. In enforcing manner, if something happens on the system that’s against the defined policy, the action will probably be both blocked and logged.
  • Permissive:
    This Mode won’t actually block or deny anything from occurring, however, it will log anything that would have been blocked in enforcing manner. It’s a fantastic way to use if you possibly need to test a Linux system which has never used SELinux and you wish to get an idea of any problems you might have. No system reboot is needed when switching between permissive and enforcing modes.
  • Disabled:
    Disabled is turned off, nothing is logged in any way. In order To swap to the disabled manner, a system reboot will be required. Additionally, if you are switching from disabled manner to either Permissive or employing manners a system reboot will also be required.

Disable SELinux on CentOS 7

Step 1. First check if SELinux status.

sestatus

Result:

[root@myvpsource ~]# sestatus
SELinux status:             enabled
SELinuxfs mount:            /sys/fs/selinux
SELinux root directory:     /etc/selinux
Loaded policy name:         targeted
Current mode:               enforcing
Mode from config file:      enforcing
Policy MLS status:          enabled
Policy deny_unknown status: allowed
Max kernel policy version:  28

To permanently disable SELinux, use your favorite text editor to open the file /etc/sysconfig/selinux as follows:

nano /etc/sysconfig/selinux

By default this file appears as shown below:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Change “SELINUX=enforcing” to “SELINUX=disabled” and save the configuration file.

For the changes to take effect, you need to reboot your system and then check the status of SELinux using sestatus command as shown:

sestatus

Congratulation’s! You have successfully disable SELinux temporarily or permanently on your CentOS 7 server. Thanks for using this tutorial for disable SELinux on CentOS 7 system.

The Tags:

Leave a Comment

Comments are closed.