How to disable SELinux

Security-Enhanced Linux (SELinux) is a set of kernel enhancements and user-space tools to enforce mandatory access control and security policies. When SELinux is enabled on your system, there may be cases where you would like to turn off SELinux temporarily, for example when you are experimenting with Apache or NFS server, and SELinux gets in the way, blocking necessary port access.

To disable SELinux temporarily:

$ sudo sh -c 'echo 0 > /selinux/enforce'

or alternatively:

$ sudo setenforce 0

Note that you can use "echo 1 > /selinux/enforce" or "setenforce 1" to re-enable SELinux.

To disable SELinux permanently:

$ sudo vi /etc/selinux/config
SELINUX=permissive (or disabled)
$ sudo reboot

Note that when you are disabling SELinux using /etc/selinux/config, there are two different options that you can use: "permissive" and "disabled". In "permissive" mode, security policies are no longer enforced, but violations are still logged. In "disabled" mode, SELinux is completely switched off, and no violation is logged.

If you cannot find /etc/selinux/config on your system, you can disable SELinux permanently by adding "selinux=0" to /boot/grub/grub.conf as follows. In this case, Grub Boot Loader will pass the kernel parameter "selinux=0" to the kernel at boot time, and SELinux will remain disabled permanently upon boot.

$ sudo vi /boot/grub/grub.conf
# grub.conf generated by anaconda
#
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-238.9.1.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-238.9.1.el5 ro root=LABEL=/ selinux=0
        initrd /initrd-2.6.18-238.9.1.el5.img
title CentOS (2.6.18-164.9.1.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-164.9.1.el5 ro root=LABEL=/ selinux=0
        initrd /initrd-2.6.18-164.9.1.el5.img
title CentOS (2.6.18-164.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-164.el5 ro root=LABEL=/ selinux=0
        initrd /initrd-2.6.18-164.el5.img 

Subscribe to Xmodulo

Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.

The following two tabs change content below.
Dan Nanni is the founder and also a regular contributor of Xmodulo.com. He is a Linux/FOSS enthusiast who loves to get his hands dirty with his Linux box. He likes to procrastinate when he is supposed to be busy and productive. When he is otherwise free, he likes to watch movies and shop for the coolest gadgets.
Your name can also be listed here. Write for us as a freelancer.

Leave a comment

Your email address will not be published. Required fields are marked *