How to disable SELinux

From Leo's Notes
Last edited on 18 August 2023, at 22:30.

SELinux (Security Enhanced Linux) is a Linux kernel security module which allows the system to enforce access controls. You may want to disable it on systems where you do not need this level of security.

Is SElinux enabled?

Check the status of SELinux with sestatus and look for the 'SELinux status' and 'Current mode':

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

The mode tells you:

  • Enforcing – SELinux is active and enforcing its policy rules.
  • Permissive – SELinux permits every thing, but logs the events it would normally deny in enforcing mode.
  • Disabled – SELinux is not enforcing rules or logging anything.

If SELinux is in enforcing mode, you can disable it in the next section below.

Disabling SELinux

To temporarily disable SELinux:

## Use the setenforce command
# setenforce 0

## or, on older kernels:
# echo 0 > /selinux/enforce

## or, on newer kernels (the /selinux fs has been moved to /sys/fs/selinux)
# echo 0 > /sys/fs/selinux/enforce

To permanently disable SELinux:

# sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
## or manually set SELINUX=disabled 
# vi /etc/selinux/config