How to Disable SELinux on CentOS 7

Choose a different version or distribution

Introduction

Before we begin talking on how to disable SElinux on CentOS 7. Let’s briefly understand - What is SELinux?

SELinux, which stands for Security-Enhanced Linux, is a mandatory access control (MAC) security mechanism implemented in the Linux kernel. It provides an additional layer of security by enforcing fine-grained access control policies on various system resources, such as processes, files, directories, and network ports.

SELinux's policies define rules that govern the interactions between different components of the system and determine the permissions and access rights that processes have.

Disabling SELinux on CentOS 7 may be necessary in certain situations, particularly when troubleshooting or when specific applications are not compatible with SELinux policies. However, it is important to note that disabling SELinux can potentially decrease the security of your system. If possible, consider configuring SELinux instead of completely disabling it.

In this tutorial, you will disable SElinux on CentOS 7. We will also address a few FAQs on how to disable SElinux on CentOS 7.

Prerequisites

Make sure you are logged in as a user with sudo privileges before beginning the tutorial.

Disabling SELinux

It is possible to either temporarily or permanently disable SELinux. Each has advantages of its own. Doing so temporarily will allow us to test without jeopardizing the security of the system.

On the other hand, we will be able to work more quickly if we permanently deactivate SELinux, especially if it is a small or medium-sized project. We must remember that most Linux distributions now have very solid security measures, therefore we can afford it.

💡
Important! On December 31, 2021, CentOS Linux 8 met its End of Lifetime (EOL). CentOS Linux 7 is currently supported, however, it will become EOL on June 30, 2024. We recommend keeping this in mind when selecting this operating system. Further information is available on their official website.

Initially, we must use SSH to connect to the server. Check out our SSH guide if you need any help or have any queries about how to do it. Execute the following command:

ssh your-user@your-server

On the other hand, all we have to do is launch the terminal if we are using CentOS on a personal computer.

Check the SELinux Status

Use the sestatus command to view our system's SELinux policy and the current status of SELinux:

sestatus
Output

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

The output above shows that SELinux is enabled and in enforcing mode.

Disable SELinux

With the command listed below, you can momentarily switch SELinux mode from targeted to permissive:

sudo setenforce 0

This change, however, is only valid for the current runtime session.

Follow the steps below to permanently disable SELinux on your CentOS 7 system:

1) Set the SELINUX mod to disabled in the /etc/selinux/config file:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted

2) After saving the file, restart your CentOS system by using:

sudo shutdown -r now

3) Verify the modification with the sestatus command after the system boots up:

sestatus

The output should seem as follows:

Output

SELinux status:                 disabled

FAQs to Disable SELinux on CentOS 7

What are the security implications of disabling SELinux on CentOS 7? 

Disabling SELinux can potentially decrease the security of your system, as it removes an additional layer of access control.

How do I check the current status of SELinux on CentOS 7? 

You can check the status of SELinux by executing the command sestatus.

What is the location of the SELinux configuration file on CentOS 7? 

The SELinux configuration file is located at /etc/selinux/config.

Will disabling SELinux persist after a system reboot? 

Yes, disabling SELinux in the configuration file will persist after a system reboot.

Can I disable SELinux for only a specific user on CentOS 7?

 No, SELinux operates at the system level, and disabling it will affect all users.

How can I confirm if SELinux is successfully disabled on CentOS 7? 

After making changes and rebooting, execute the sestatus command and check if the status is set to "disabled".

Can I re-enable SELinux without rebooting CentOS 7?

 No, changes made to SELinux configuration require a system reboot to take effect.

Conclusion

We have explored the steps to disable SELinux on CentOS 7, highlighting the importance of understanding the security consequences and considering alternative solutions before disabling SELinux entirely.

Disabling SELinux removes an additional layer of access control, which can reduce the overall security posture of your system.

If you have any queries, feel free to drop a comment below, and we'll be happy to help.