April 24, 2014

Disable SELinux CentOS 6

You need to be aware that by disabling SELinux you will be removing a security mechanism on your CentOS system. Think about this carefully, and if your system is on the Internet and accessed by the public, then think about it some more.

Applications should be fixed to work with SELinux, rather than disabling the OS security mechanism.

You could even switch to Permissive mode where every operation is allowed. Operations that would be denied are allowed and a message is logged identifying that it would be denied.

If you really need to disable SELinux on CentOS 6 please consider the following:

SELinux Warning

# vi /etc/selinux/config

Change SELINUX=enforcing

1
2
3
4
5
6
7
8
9
10
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

to SELINUX=disabled

1
2
3
4
5
6
7
8
9
10
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

This will disable SELinux on your next reboot.

  • JWyatt

    Most of the time simply setting to permissive enables you to proceed. There are several “SELinux HowTo” docs that show folks how to keep the advantages to SELinux without that much work. I do find it funny that my browser’s spell-checker recommended I replace SELinux with Vaseline, though – JWyatt

  • Jose Antonio Nobile Rendon

    Not working for me. Centos 6
    cat /etc/selinux/config && setenforce 0 && sestatus# This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:#     enforcing – SELinux security policy is enforced.#     permissive – SELinux prints warnings instead of enforcing.#     disabled – No SELinux policy is loaded.SELINUX=disabled# SELINUXTYPE= can take one of these two values:#     targeted – Targeted processes are protected,#     mls – Multi Level Security protection.SELINUXTYPE=targetedSELinux status:                 enabledSELinuxfs mount:                /selinuxCurrent mode:                   permissiveMode from config file:          disabledPolicy version:                 24Policy from config file:        targeted

  • extde

    So many wrong answers about setenforce!

    Use “man setenforce” to find the truth – it switches between enforcing and permissive modes only.

  • How2CentOS

    You’re correct. The article has been rectified. 

  • nooneimportant

    SELinux is a PITB… i have wasted hours and gone through 20 posts trying to do something as simple as moving mysql data to another folder. CentOS is kind of junk when compared to Ubuntu

  • vahid chakoshy

    i don’t like to restart my server and just say: $ setenforce 0
    special thanks

  • Rafael Rojas

    Many thanks!!! It solve my Apache 403 forbidden problem

  • SEMI-GOD

    jajajajajajaja poor poor guy. first read, then learn and then COMMENT!

  • http://twitter.com/chicuco Flavio Camus

    i read somewhere you must add to the grub line selinux=no to disable it at boot time too.