How to disable SELinux in Linux


There are 4 different methods of disabling selinux in Linux.

Method 1: Disable SELinux Temporarily

To disable SELinux temporarily you have to modify the /selinux/enforce file as shown below. Please note that this setting will be gone after the reboot of the system.

# cat /selinux/enforce

1

# echo 0 > /selinux/enforce

# cat /selinux/enforce

0

You can also use setenforce command to disable SELinux. Possible parameters to setenforce commands are: Enforcing, Permissive, 1 (enable) or 0 (disable).

# setenforce 0

Method 2: Disable SELinux Permanently

To disable the SELinux permanently, you have to modify the /etc/selinux/config and set the SELINUX=disabled. One you make any changes to the /etc/selinux/config, reboot the server for the changes to reflect.

# cat /etc/selinux/config

SELINUX=disabled

SELINUXTYPE=targeted

SETLOCALDEFS=0

Following are the possible values for the SELINUX variable in the /etc/selinux/config file

  • enforcing – The Security Policy is always Enforced
  • permissive – This just simulates the enforcing policy by only printing warning messages and not really enforcing the SELinux. This is good to first see how SELinux works and later figure out what policies should be enforced.
  • disabled – Completely disable SELinux

Following are the possible values for SELINUXTYPE variable in the /etc/selinux/config file. This indicates the type of policies that can be used for the SELinux.

  • targeted – This policy will protected only specific targeted network daemons.
  • strict – This is for maximum SELinux protection.

Method 3: Disable SELinux from the Grub Boot Loader

If you can’t locate /etc/selinux/config file on your system, you can pass disable SELinux by passing it as parameter to the Grub Boot Loader as shown below.

# cat /boot/grub/grub.conf

default=0

timeout=5

splashimage=(hd0,0)/boot/grub/splash.xpm.gz

hiddenmenu

title Enterprise Linux Enterprise Linux Server (2.6.18-92.el5PAE)

root (hd0,0)

kernel /boot/vmlinuz-2.6.18-92.el5PAE ro root=LABEL=/ rhgb quiet selinux=0

initrd /boot/initrd-2.6.18-92.el5PAE.img

title Enterprise Linux Enterprise Linux Server (2.6.18-92.el5)

root (hd0,0)

kernel /boot/vmlinuz-2.6.18-92.el5 ro root=LABEL=/ rhgb quiet selinux=0

initrd /boot/initrd-2.6.18-92.el5.img

Method 4: Disable Only a Specific Service in SELinux – For e.g. HTTP/Apache

If you are not interested in disability the whole SELinux, you can also disable SELinux only for a specific service. For example, do disable SELinux for HTTP/Apache service, modify the httpd_disable_trans variable in the /etc/selinux/targeted/booleans file.
 
Set the httpd_disable_trans variable to 1 as shown below.

# grep httpd /etc/selinux/targeted/booleans

httpd_builtin_scripting=1

httpd_disable_trans=1

httpd_enable_cgi=1

httpd_enable_homedirs=1

httpd_ssi_exec=1

httpd_tty_comm=0

httpd_unified=1

 Set SELinux boolean value using setsebool command as shown below. Make sure to restart the HTTP service after this change.

# setsebool httpd_disable_trans 1

# service httpd restart

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.
This entry was posted in Linux/CentOS. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s