How to disable or enable SELinux on CentOS

TWhosting

SELinux (Security-Enhanced Linux) is a Linux kernel extension that controls access to certain resources.

SELinux is activated by default in a CentOS 7 installation. If this feature is not needed, SELinux can also be disabled. The following article describes how this works. The described settings must be made as a privileged user (root).

Display SELinux status

The sestatus command displays the current status of SELinux. The following display shows the output with SELinux enabled.

Code:
sestatus
Code:
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Or, if it is disabled:


Code:
[root@vps87755 ~]# sestatus
SELinux status:                 disabled

Enable SELinux

In order to disable SELinux, you need to adjust the configuration file /etc/sysconfig/selinux. The following settings can be selected.

Code:
vi /etc/sysconfig/selinux

A screen will appear as follows:

Code:
E325: ATTENTION
Found a swap file by the name "/etc/selinux/.config.swp"
          owned by: root   dated: Thu Nov 10 09:14:10 2016
         file name: /etc/sysconfig/selinux
          modified: YES
         user name: root   host name: vps89755.vps.ovh.ca
        process ID: 24517
While opening file "/etc/sysconfig/selinux"
             dated: Thu Nov  3 04:13:18 2016

(1) Another program may be editing the same file.  If this is the case,
    be careful not to end up with two different instances of the same
    file when making changes.  Quit, or continue with caution.
(2) An edit session for this file crashed.
    If this is the case, use ":recover" or "vim -r /etc/sysconfig/selinux"
    to recover the changes (see ":help recovery").
    If you did this already, delete the swap file "/etc/selinux/.config.swp"
    to avoid this message.
"/etc/sysconfig/selinux" 14L, 476C
Press ENTER or type command to continue

Code:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
#SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Remove the "#" before #SELINUX=enforcing to enable SELinux.

The following values can be used:

enforcing - SELinux is enabled
permissive - SELinux is active but only logging
disabled - SELinux deactivated


For these changes to take effect, the server must be restarted.
Code:
reboot
or
Code:
shutdown -r now

The output of sestatus shows that SELinux was disabled in this case.

If SELinux should remain active and only its behavior be changed, this can be done with the setenforce command, without rebooting.

setenforce 1 - enforcing
setenforce 0 - permissive

Code:
setenforce 0
Code:
sestatus
Code:
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Disable SELinux

Set SELINUX=disabled and comment out the other line as #SELINUX=enforcing, as below:

Code:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Good documentation about SELinux can be found on the website of the Fedora project.
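
The sestatus outputs above show that the running mode and the mode in the config file can differ (permissive now, enforcing after reboot). The following check is an added example, not part of the original post: it reads sestatus text and the config file and reports a disabled or permissive SELinux, or drift between the two. The function names and the `--live` switch are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): flag a disabled or permissive
# SELinux, and drift between the running mode and the config file.

# Effective SELINUX= value: commented lines and SELINUXTYPE= are ignored,
# and the last uncommented assignment is printed.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Print one field of sestatus output read from stdin, e.g. "Current mode".
sestatus_field() {
    awk -F: -v key="$1" '$1 == key { gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2 }'
}

# audit_selinux SESTATUS_TEXT CONFIG_FILE
# Returns 0 only when SELinux is enforcing now and will be after a reboot.
audit_selinux() {
    status=$(printf '%s\n' "$1" | sestatus_field "SELinux status")
    current=$(printf '%s\n' "$1" | sestatus_field "Current mode")
    boot=$(config_mode "$2")
    if [ "$status" != "enabled" ]; then
        echo "FAIL: SELinux is disabled (config: ${boot:-unset})"; return 1
    elif [ "$current" != "enforcing" ]; then
        echo "WARN: running $current, config says ${boot:-unset}"; return 2
    elif [ "$boot" != "enforcing" ]; then
        echo "WARN: enforcing now, but ${boot:-unset} after reboot"; return 3
    fi
    echo "OK: enforcing now and after reboot"
}

# Constructed sample: the permissive-mode output above, trimmed to the
# fields used here, with a config file that still says enforcing.
sample_run() {
    cfg=$(mktemp) || return 99
    printf '%s\n' '# SELINUX= can take one of these three values:' \
        'SELINUX=enforcing' '#SELINUX=disabled' 'SELINUXTYPE=targeted' > "$cfg"
    rc=0
    audit_selinux 'SELinux status:                 enabled
Current mode:                   permissive' "$cfg" || rc=$?
    rm -f "$cfg"
    return "$rc"
}

if [ "${1:-}" = "--live" ]; then
    audit_selinux "$(sestatus)" /etc/sysconfig/selinux   # path used on this page
else
    sample_run || true
fi
```

Run without arguments it evaluates the constructed sample; with `--live` it checks the local system as root.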