Linux Pathfinder: Linux Howtos and Tutorials

How To Disable SELinux Temporarily or Permanently

How To Disable SELinux Temporarily or Permanently
Disable SELinux Temporarily or Permanently

It is recommended to know about SELinux, its configuration and how to implement on your environment. However, you have to disable SELinux temporarily or permanently until you understand about it.

Here, we will use different ways to disable SELinux.

In linux, files and process tag with specific labels that is used by the SELinux. Command ls -Z view those labels as follows.

[root@linuxpathfinder ~]# ls -Z /etc/

-rw-r–r–. root root system_u:object_r:etc_t:s0           file
drwxr-xr-x. root root system_u:object_r:etc_t:s0        file
drwxr-xr-x. root root system_u:object_r:etc_t:s0        file
drwxr-xr-x. root root system_u:object_r:system          file
drwxr-xr-x. root root system_u:object_r:bin_t:s0       file
-rw-r–r–. root root system_u:object_r:etc_t:s0           file
drwxr-xr-x. root root system_u:object_r:bin_t:s0       file

Disable SELinux Temporarily

You have to modify the /selinux/enforce file to disable SELinux temprarily. After reboot the machine, temporary made settings will be refreshed.

[root@linuxpathfinder ~]# cat /selinux/enforce
1
[root@linuxpathfinder ~]# echo 0 > /selinux/enforce

[root@linuxpathfinder ~]# cat /selinux/enforce
0

setenforce command is also used to disable SELinux. Setenforce commands are: Enforcing , Permissive, 1 (enable) or 0 (disable).

[root@linuxpathfinder ~]# setenforce 0
setenforce: SELinux is disabled

Disable SELinux Permanently

We will modify the /etc/selinux/config and change to SELINUX=disabled to disable SELinux permanently. After reboot the machine, settings will remain effective and permanent.

[root@linuxpathfinder ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing – SELinux security policy is enforced.
#     permissive – SELinux prints warnings instead of enforcing.
#     disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted – Targeted processes are protected,
#     mls – Multi Level Security protection.
SELINUXTYPE=targeted
SETLOCALDEFS=0

Disable SELinux from the Grub Bootloader

If you are unable to find out the location of /etc/selinux/config file, you can disable SELinux to change parameter to the Grub Bootloader in the following steps.

[root@linuxpathfinder ~]# vim /boot/grub/grub.conf

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-358.18.1.el6.i686)
root (hd0,0)
kernel /vmlinuz-2.6.32-358.18.1.el6.i686 ro root=LABEL=/ rhgb quiet selinux=0
initrd /initramfs-2.6.32-358.18.1.el6.i686.img
title centos (2.6.32-71.el6.i686)
root (hd0,0)
kernel /vmlinuz-2.6.32-71.el6.i686 ro root=/ rhgb quiet selinux=0
initrd /initramfs-2.6.32-71.el6.i686.img

Disable Only a Specific Service in SELinux – HTTP/Apache

If you don’t want to disable the whole SELinux, it is possible with the HTTP/Apache service, you can change the httpd_disable_trans variable in the /etc/selinux/targeted/booleans file.

Change into 1 the httpd_disable_trans variable.

[root@linuxpathfinder ~]# grep httpd /etc/selinux/targeted/booleans
httpd_builtin_scripting=1
httpd_disable_trans=1
httpd_enable_cgi=1
httpd_enable_homedirs=1
httpd_ssi_exec=1
httpd_tty_comm=0
httpd_unified=1

We can set the value using setsebool command. After that restart the HTTP service to take effect.

[root@linuxpathfinder ~]# setsebool httpd_disable_trans 1
[root@linuxpathfinder ~]# service httpd restart

Share this article:

Asif Khan's picture
I am an experienced Linux System and Network Administrator with having more than 10 years of experience. My primary responsibilities are to keep up and running Linux system environment, backups important data with scripting and configuration management on AWS Linux server environments. My aim is to help people, in finding their path towards a solution to their problems. Well, I believe helping others can good for both parties, to them and to you as well. That day and today is the day that thousands of people seek help from my website to help people find answers to their questions. I am sure that everyone will get all the answers to their questions related to software and operating system, and this website will help you keep your system updated.

Add new comment

Image CAPTCHA

Enter the characters shown in the image.