How to Disable Selinux on Centos 7
SELinux is a Linux kernel security module that allows administrators and users more control over access controls. It allows access based on SELinux policy rules.
SELinux policy rules specify how processes and users interact with each other as well as how processes and users interact with files.
When you install RHEL/CentOS or several derivatives, the SELinux feature or service is enabled by default, due to this some applications on your system may not actually support this security mechanism. Therefore, to make such applications function normally, you have to disable or turn off SELinux.
SELinux has three modes:
- Enforcing: SELinux allows access based on SELinux policy rules.
- Permissive: SELinux only logs actions that would have been denied if running in enforcing mode.
- Disabled: No SELinux policy is loaded.
By default in CentOS 7, SELinux is enabled and in enforcing mode.
check selinux status:
[root@lampblogs ~]# sestatus
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31
Disable selinux temporarily
you can use any one command to disable temporaily until reboot
[root@lampblogs ~]# setenforce 0 or [root@lampblogs ~]# # echo 0 > /selinux/enforce
Disable selinux permanently
[root@lampblogs ~]# vi /etc/sysconfig/selinux
Open the /etc/sysconfig/selinux file and set the SELINUX mode to disabled.
SELinux=enforcing to SELinux=disabled
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
Save the file and reboot your CentOS system
[root@lampblogs ~]# reboot or [root@lampblogs ~]# shutdown -r now
Once system is rebooted, verify the change with the sestatus command
[root@lampblogs ~]# sestatus SELinux status: disabled
you can visit SELINUX tutorial to learn more about the powerful features.