How To Disable SELinux on Centos 7

On this article we will discuss how to disable SELinux on Centos 7.

Introduction

Security issue on Linux operating system, had been an issue since it was live. For accommodating  the security issue on Linux operating system through its kernel, it was done by SELinux. SELinux was primary developed by NSA , which was released the first version to the open source development community under the GNU GPL on December 22, 2000.

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). It gives us the ability to limit the privileges associated with executing processes and reduce the damage that could result from system and applications vulnerabilities exploitation. It is recommended to keep SELinux in enforcing.

SELinux modes:

  • Enforcing: SELinux allows access based on SELinux policy rules.
  • Permissive: SELinux only logs actions that would have been denied if running in enforcing mode.
  • Disabled: No SELinux policy is loaded.

The CentOS 7 operating system, SELinux is enabled and in enforcing mode.

Why we have to disable SELinux ?

No compromise for the security breach is one of the SELinux reason was deployed. But, sometime the SELinux itself will be the hindrance for a certain situations. There are some situation which lead us to disable the SELinux, namley : troubleshooting for any system failure,  the expense of faster system setup, Applications deployment, etc.  The next step on this article is to disable the SELinux on Centos 7.

Disable SELinux Steps.

Before disabling SELinux, check first its mode of operation, by submitting command below :

amans@localhost ~]$ sestatus

Disable SELinux on Centos 7

From the information above, we could see, if the SELinux status is enabled. The we will disable the SELinux bu submitting this command.

[ramans@localhost ~]$ sudo setenforce 0

Disable SELinux sudo setenforce 0

The command above will disable the SELinux for temporary time only ( valid for the current runtime seession only).

If we have the requirement for permanently disabling SELinux,  here’s the step to do :

1. Edit the /etc/selinux/config file and set the SELINUX mod to be disabled, by submitting command line below :

[ramans@localhost ~]$ sudo vi /etc/selinux/config

edit /etc/selinux/config

and then set the SELINUX mod from enforcing to be disabled, and save the file.

2. After the file was saved, then reboot the CentOS system, by submitting command below :

[ramans@localhost ~]$ sudo shutdown -r now

3. After reboot the system, we will query the SELinux status by submitting command line below :

[ramans@localhost ~]$  sestatus

 

 

Share this article via :

Leave a Reply

Your email address will not be published. Required fields are marked *