How to Temporarily or Permanently Disable SELinux in CentOS or Fedora
The Linux operating system is currently considered to be the most secure system in the world that you can use due to its security features, one of these features is called SELinux (Security-Enhanced Linux).
SELinux is a built-in security mechanism that provides kernel-level access control in Linux-based operating systems. It so happens that SELinux is most often used only in CentOS and Fedora operating systems. In CentOS, SELinux is enabled by default and helps protect the system by limiting the capabilities of applications and users. However, there are cases when it is not advisable to use SELinux because SELinux can create conflicts or even limit the operation of your application. In such cases, it is necessary to temporarily or completely disable SELinux.
In this article we will look at how to check the SELinux status, correctly and quickly disable SELinux in CentOS and what commands to use for this. If you have the Fedora operating system installed, then do not worry, the commands will be the same as in CentOS.
Don't forget that all actions must be performed as the super user root.
Contents of the article:
- What are the security policies in SELinux?
- Checking SELinux status.
- Temporarily disable SELinux.
- Disable SELinux completely.
- Let's check the result.
1. What are the security policies in SELinux?
There are only three main security policies in SELinux.
- Enforcing is a mode in which SELinux enforces all security policies and blocks any operations that violate these policies. This is the default mode for providing maximum system security.
- Permissive - In this mode, SELinux does not block operations that violate the policy, but only logs warnings about potential violations. Permissive is often used to diagnose, configure, and debug SELinux security policy, as it allows you to see possible conflicts without interrupting the system.
- Disabled - In this mode, SELinux is completely disabled and no security policies are enforced.
2. Checking SELinux status.
The first thing we'll start with is to look at the current SELinux status. This can be done by running the command:
~$ sestatus
sestatus
As we can see, in my result the SELinux status field has the value enabled, this means that SELinux is enabled and Enforcing policies are applied to it.
3. Temporarily disable SELinux.
In addition to completely disabling SELinux, we can also temporarily disable it and then enable it again without rebooting the entire system. To temporarily disable SELinux, run the command:
~$ setenforce 0
To turn it back on, do the following:
~$ setenforce 1
4. Disable SELinux completely.
If you want to completely disable SELinux in CentOS or Fedora, you need to open the configuration file and change the SELINUX parameter values.
The SELinux configuration file can be opened in two ways:
/etc/selinux/config
Directory /etc/selinux
/etc/sysconfig/selinux
Directory /etc/sysconfig
Next, you need to find the SELINUX parameter in this file and change the values from Enforcing to Disabled. Save the file and close the file. For our changes to take effect, you will need to reboot the server itself.
SELINUX=disabled
5. Let's check the result.
Now after we rebooted the system, we can check the SELinux status disabled. To check, we use the same command:
~$ sestatus
Now we see that SELinux status has the value disabled, which means that SELinux is no longer active in the system.
As a result, we looked at simple steps that will help you disable such a component as SELinux in CentOS or Fedora.