LinuxDisabling SELinux on CentOS 7

Disabling SELinux on CentOS 7

Security-Enhanced Linux (SE Linux) is a Linux kernel security module that provides a mechanism for supporting access control security policies. It controls which applications can access what directories in the system

For example, the default rules for apache is to only be allowed to access /var/www and /var/logs/httpd and some other configuration directories. If apache tries to access any other directory, then SELinux will not permit it if it is enabled.

Example, default web root for apache is /var/www, if you change it to /home/code, then SELinux will not allow apache to access files in /home/code and the application will fail to load on the web page

You have 2 options,

  • manually add the new location to SELinux apache rules by giving appropriate groups ( recommended )
  • disable SELinux permanently

Similary if you change the data directory for mysql, you will come across this issue

Sometimes you need a quick fix and might need to disable SELinux

This is not recommended on production systems. Do it on your own risk.

Command to check if SELinux is active is sestatus

[root@ip-172-30-0-220:/]$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28

Current Mode is set to enforcing, which means SELinux is active

Temporarily Disabling SELinux

To temporarily disable SELinux, use the command

sudo setenforce 0

Then check with sestatus and Current Mode should be permissive. This will revert back on boot to enforcing

To enable SELinux again, use

setenforce 1


Permanently Disabling SELinux

edit /etc/selinux/config

change SELINUX=enforcing to SELINUX=disabled

restart the server and check with sestatus command

Categories: Linux Tags:


No Comments Yet. Be the first?

Post a comment

Your email address will not be published. Required fields are marked *