Disable SELinux on CentOS/RHEL

SELinux: love it or hate it, it's a pain in the ass. Sometimes you just need it out of the way. I'm not here to judge.

Checking SELinux status:
# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31

Disabling SELinux in real-time:
# setenforce 0

To prevent SELinux from being enabled on next boot edit /etc/selinux/config and set SELINUX to disabled:
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
If you have installed the setroubleshoot package you may notice setroubleshootd taking up CPU cycles; if you are permanently disabling selinux this daemon serves no function. It is launched by dbus rather than its own unit script; the easiest way to disable it is to simply remove the setroubleshoot package.
# yum remove setroubleshoot


There are no comments for this item.