SELinux (Security-Enhanced Linux) is a Linux kernel security module provides enhanced security for Linux systems. SELinux provides a mechanism for supporting access control security policies. This specifies how the processes communicate with each other and interact with the files.
SELinux Modes:
SELinux has three modes to run. By default, SELinux runs in Enforcing mode on CentOS 7
- Enforcing – SELinux security policy is enforced.
- Permissive – SELinux allows access but prints warnings on rules voilation.
- Disabled – No SELinux policy is loaded.
Check SELinux Status
You can quicky view the current status of SELinux using the getenforce command.
getenforce Enforcing
For the detailed status of SELinux use sestatus command.
sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31
Disable SELinux on CentOS
You can set SELinux to permissive mode with the following command.
sudo setenforce 0
But the above changes will be reverted after the system reboot. To disable SELinux completely edit the configuration file
sudo vim /etc/sysconfig/selinux
and set SELINUX value to disabled
SELINUX=disabled
Save the configuration file and reboot your server
sudo reboot
After the restart, again check the SELinux status, This will show you the SELinux status is disabled.
getenforce Disabled
Leave a Reply