On this article we will discuss how to disable SELinux on Centos 7.
Security issue on Linux operating system, had been an issue since it was live. For accommodating the security issue on Linux operating system through its kernel, it was done by SELinux. SELinux was primary developed by NSA , which was released the first version to the open source development community under the GNU GPL on December 22, 2000.
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). It gives us the ability to limit the privileges associated with executing processes and reduce the damage that could result from system and applications vulnerabilities exploitation. It is recommended to keep SELinux in enforcing.
- Enforcing: SELinux allows access based on SELinux policy rules.
- Permissive: SELinux only logs actions that would have been denied if running in enforcing mode.
- Disabled: No SELinux policy is loaded.
The CentOS 7 operating system, SELinux is enabled and in enforcing mode.
Why we have to disable SELinux ?
No compromise for the security breach is one of the SELinux reason was deployed. But, sometime the SELinux itself will be the hindrance for a certain situations. There are some situation which lead us to disable the SELinux, namley : troubleshooting for any system failure, the expense of faster system setup, Applications deployment, etc. The next step on this article is to disable the SELinux on Centos 7.
Disable SELinux Steps.
Before disabling SELinux, check first its mode of operation, by submitting command below :
amans@localhost ~]$ sestatus
From the information above, we could see, if the SELinux status is enabled. The we will disable the SELinux bu submitting this command.
[ramans@localhost ~]$ sudo setenforce 0
The command above will disable the SELinux for temporary time only ( valid for the current runtime seession only).
SELinux Disable For Permanent
If we have the requirement for permanently disabling SELinux, here’s the step to do :
1. Edit the /etc/selinux/config file and set the SELINUX mod to be disabled, by submitting command line below :
[ramans@localhost ~]$ sudo vi /etc/selinux/config
and then set the
SELINUX mod from
enforcing to be
disabled, and save the file.
2. After the file was saved, then reboot the CentOS system, by submitting command below :
[ramans@localhost ~]$ sudo shutdown -r now
3. After reboot the system, we will query the SELinux status by submitting command line below :
[ramans@localhost ~]$ sestatus