How to Disable SELinux on CentOS

SELinux (Security Enhanced Linux) is a Linux kernel security module that allows administrators and users more control over access controls. It allows access based on SELinux policy rules. In CentOS 7, SELinux is enabled and in enforcing mode by default.

SELinux policy rules specify how processes and users interact with each other as well as how processes and users interact with files. When no SELinux policy rule explicitly allows access, such as for a process opening a file, access is denied. SELinux has three modes:

  1. Enforcing: SELinux allows access based on SELinux policy rules.
  2. Permissive: SELinux only logs actions that would have been denied if running in enforcing mode.
  3. Disabled: No SELinux policy is loaded. 

You will need a user with with sudo privileges in order to perform this task and disable 
SELinux. Check the status of SELinux first to make sure it is not disabled.

You can check the status of SELinux using the following command at terminal.

$ sestatus

Output example showing SELinux in enforcing state (enabled)

SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31

The output above shows that SELinux is enabled and is set to enforcing mode. Now follow the next step to disable SELinux.

Procedures to disable SELinux:
To permanently disable SELinux on your CentOS system, follow the steps below:

Edit the /etc/selinux/config file to set the SELINUX parameter to disabled, and then reboot the server. The contents of the /etc/selinux/config file should resemble the following example:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.

Make sure that there is only one enable SELINUX=disabled parameter, a parameter is enabled by removing "#" sign before it.

Save the SELinux configuration file and reboot the system.

$ reboot

Once the system has rebooted, check the status of SELinux.

$ sestatus

Output example showing SELinux in disabled state

SELinux status: disabled

You have successfully disabled SELinux.

For more information about SELinux and its set of advanced powerful features, visit CentOS SELinux.

Last update: May 15th, 2020

  • SELinux, CentOS, Linux
  • 68 Users Found This Useful
Was this answer helpful?

Related Articles

CLI CSF Firewall Whitelist an IP Address

ConfigServer Firewall (CSF) is a powerful software firewall. All managed servers at Greens247...

How to change Private Key Format to Use with PuTTY

This guide will show you how to change your private key format, to use with PuTTY, which is a...

How to Generate OpenVPN Client Configuration Files

A Virtual Private Network (VPN) is a physical trusted network in a remote location that you can...

How To Set Up and Configure an OpenVPN Server on CentOS

A Virtual Private Network (VPN) is a physical trusted network in a remote location that you can...

How to ssh to a server with a private key using putty

This article will describe how to connect to your server using ssh and a private key on a windows...