How to Disable SELinux on CentOS 7

Disable SELinux on CentOS 7

In this article, we will have explained the necessary steps to Disable SELinux on CentOS 7. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

SELinux stands for Security Enhanced Linux. SELinux mainly used to control access to files, users, applications and network resources in the Linux. It allows access to files, users, etc. following SELinux rules. In the CentOS system, SELinux by default enabled.

SELinux has three modes:

  • Enforcing: SELinux allows access based on SELinux policy rules.
  • Permissive: SELinux only logs actions that would have been denied if running in enforcing mode.
  • Disabled: No SELinux policy is loaded.

Disable SELinux on CentOS

Step 1. The first command will update the package lists to ensure you get the latest version and dependencies.

sudo yum install epel-release
sudo yum update

Step 2. Checking the Current Status and Mode of SELinux.

Run the following command to check the current status and mode of SELinux:

sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      46

Step 3. Temporarily Disable SELinux on CentOS.

You can run the following command to set SELinux to permissive mode temporarily:

sudo setenforce 0

Verify the change with the sestatus command:

sestatus
SELinux status:                 disabled

Step 4. Permanently Disable SELinux on CentOS 7.

To permanently disable SELinux on your CentOS system, follow the steps below:

nano /etc/selinux/config
# This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #       targeted - Targeted processes are protected,
    #       mls - Multi Level Security protection.
    SELINUXTYPE=targeted

Now reboot your system running below command to make changes permanent:

sudo reboot

After reboot process completes, check the SELinux status by running the following command:

sestatus
SELinux status:                 disabled

Congratulation, you have learned how to Disable SELinux on CentOS 7. If you have any question, please leave a comment below.