How to Disable SELinux on CentOS 7

SELinux (Security Enhanced Linux) is a Linux kernel security module that allows administrators and users more control over access controls.

SELinux is a security feature of Linux built into the Linux kernel. It is used to control access to users, files, network resources and applications of a Linux system. SELinux provides extended file system permissions on top of the traditional Linux filesystem permission known as Discretionary Access Control (DAC).

SELinux has three modes/States:

  • Enforcing: SELinux allows access based on SELinux policy rules.
  • Permissive: SELinux only logs actions that would have been denied if running in enforcing mode.
  • Disabled: No SELinux policy is loaded.

By default in CentOS 7, SELinux is enabled and in enforcing mode. In this tutorial we will show you how to disable SELinux on CentOS 7 systems.

Checking the Current Status & Mode of SELinux

To view the current SELinux status and the SELinux policy that is being used on your system you can use the sestatus command:

[ansible@localhost ~]$ sestatus

Output:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

You can see from the output above that SELinux is enabled and set to enforcing mode.

Disable SELinux

To temporarily change the SELinux mode, with the following command:

[ansible@localhost ~]$ sudo setenforce 0

This change will be valid for the current runtime session only.

To permanently disable SELinux on your CentOS 7 system, follow the steps below:
1. Open the /etc/selinux/config file and set the SELINUX mod to disabled:

[ansible@localhost ~]$ sudo vim /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #       targeted - Targeted processes are protected,
    #       mls - Multi Level Security protection.
    SELINUXTYPE=targeted

2.Save the file and reboot your CentOS system.
3.Verify the change with the sestatus command:

[ansible@localhost ~]$ sestatus

Output:

SELinux status:                 disabled

Conclusion

In this tutorial, you learned how to permanently disable SELinux on a CentOS 7.
Visit the CentOS SELinux guide and learn more about the powerful features of SELinux.

Avinash Pawar

An automation enthusiast who presently working as DevOps Engineer.

More Posts - Website

Follow Me:
TwitterFacebookLinkedInGoogle Plus

Avinash Pawar

An automation enthusiast who presently working as DevOps Engineer.