How to Disable SELinux Temporarily or Permanently

Linux is regarded as one of the most secure operating systems you can use today, largely because of security features such as SELinux (Security-Enhanced Linux).

Disable SELinux in CentOS, RHEL and Fedora

For starters, SELinux is a mandatory access control (MAC) security mechanism implemented in the kernel. It offers a means of enforcing security policies that a system administrator could not otherwise implement effectively.

When you install RHEL/CentOS or several derivatives, the SELinux feature or service is enabled by default. Due to this, some applications on your system may not actually support this security mechanism. Therefore, to make such applications function normally, you have to disable or turn off SELinux.

Important: If you don’t want to disable SELinux, read the following articles on implementing mandatory access control so that your files and services function properly.

Don’t Miss: Setup Mandatory Access Control with SELinux in Linux

Don’t Miss: Implement Mandatory Access Control with SELinux and AppArmor in Linux

In this how-to guide, we shall walk through steps you can follow to check the status of SELinux and also disable SELinux in CentOS/RHEL and Fedora, in case it is enabled.

How Can I Disable SELinux in Linux

The first thing to do is to check the status of SELinux on your system, and you can do this by running the following command:

$ sestatus
Check Status of SELinux

Next, proceed to disabling SELinux on your system. This can be done temporarily or permanently, depending on what you want to achieve.

Disable SELinux Temporarily

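To disable SELinux temporarily (this switches it to permissive mode, where policy violations are logged but not blocked), issue the command below as root. On releases that mount selinuxfs at /sys/fs/selinux, write to /sys/fs/selinux/enforce instead: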

# echo 0 > /selinux/enforce

Alternatively, you can use the setenforce tool as follows:

# setenforce 0

Or use the Permissive option instead of 0, as below:

# setenforce Permissive

The methods above only work until the next reboot. To disable SELinux permanently, move to the next section.

Disable SELinux Permanently

To permanently disable SELinux, use your favorite text editor to open the file /etc/sysconfig/selinux as follows:

# vi /etc/sysconfig/selinux
SELinux Enforcing Mode

Then change the directive SELINUX=enforcing to SELINUX=disabled, as shown below.

SELINUX=disabled
Disable SELinux Permanently

Then save and exit the file. For the changes to take effect, you need to reboot your system; then check the status of SELinux using the sestatus command as shown:

$ sestatus
Check SELinux Status
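
An added example, not part of the original article: a shell check that reads the SELINUX= directive from a config file and compares it with the runtime mode, so a temporary setenforce change can be told apart from a pending or permanent config change. The function names, verdict strings and sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): audit SELinux state.

# Print the mode from the first uncommented SELINUX= line of a config file,
# lower-cased; "unset" if there is none. SELINUXTYPE= lines do not match.
selinux_config_mode() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    cfg_mode=$(sed -n 's/^SELINUX=\([A-Za-z]*\).*/\1/p' "$1" | head -n 1 |
               tr '[:upper:]' '[:lower:]')
    echo "${cfg_mode:-unset}"
}

# Classify the runtime mode (getenforce output) against the configured mode.
selinux_drift() {
    run_mode=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$run_mode:$2" in
        enforcing:enforcing)   echo "OK enforcing now and after reboot" ;;
        permissive:enforcing)  echo "TEMPORARY permissive until reboot or setenforce 1" ;;
        enforcing:permissive|enforcing:disabled)
                               echo "PENDING config weakens to $2 at next reboot" ;;
        permissive:permissive) echo "WEAK permissive now and after reboot" ;;
        permissive:disabled)   echo "WEAK permissive now, disabled after reboot" ;;
        disabled:disabled)     echo "OFF disabled now and after reboot" ;;
        disabled:enforcing|disabled:permissive)
                               echo "PENDING config sets $2 at next reboot" ;;
        *)                     echo "REVIEW runtime=$run_mode config=$2" ;;
    esac
}

# Constructed sample: the config file as it looks after the edit described above,
# on a host that has not been rebooted yet.
sample=$(mktemp)
printf '%s\n' '# SELINUX=enforcing' 'SELINUX=disabled' 'SELINUXTYPE=targeted' > "$sample"
selinux_drift Enforcing "$(selinux_config_mode "$sample")"
rm -f "$sample"

# On a real host:
#   selinux_drift "$(getenforce)" "$(selinux_config_mode /etc/sysconfig/selinux)"
```

Any verdict other than OK means the host is running, or will boot, without enforcement and is worth flagging in a configuration audit.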

In conclusion, we moved through the simple steps you can follow to disable SELinux on CentOS/RHEL and Fedora. There is not much more to cover under this topic, but finding out more about SELinux can prove helpful, especially for those interested in exploring security features in Linux.

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.


9 Comments

  1. You should take this article and all like it down! You might as well tell your readers to take their perimeter firewalls down, uninstall their Anti-Virus on Windows, etc.

    SELinux is NOT that hard to use and configure. In fact, if you just follow some basic SELinux rules, like keeping all your web server content in /var/www, you won’t have any issues.

    If you are having an issue, use the tools that are given, like audit2why and audit2allow. Using audit2allow will fix 99.99999% of your SELinux issues. If you have lots of violations, switch to permissive mode (better on a test machine) and dig through the logs. That’s what competent administrators do!

    Advising people to disable SELinux is as stupid as advising them to “just make the user a local administrator, and they will fix it.” on a Windows computer.

    Reply
    • SELinux is an abomination. It’s a set of cryptic commands with overlapping, inconsistent effects. Shut it off and hope for the day it gets replaced with something that is actually easy to use.

      Reply
  2. Isn’t SELinux part of most distributions by default?

    At least now in 2022, eh?

    On vagrant VM, I get this for Ubuntu.

    root@vagrant:~# cat /etc/os-release
    
    NAME="Ubuntu"
    VERSION="18.04.6 LTS (Bionic Beaver)"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu 18.04.6 LTS"
    VERSION_ID="18.04"
    HOME_URL="https://www.ubuntu.com/"
    SUPPORT_URL="https://help.ubuntu.com/"
    BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
    PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
    VERSION_CODENAME=bionic
    UBUNTU_CODENAME=bionic
    root@vagrant:~# sestatus
    -bash: sestatus: command not found
    

    What package or repo is needed for SELinux?

    Reply
    • @Jim,

      SELinux is not part of Debian-based distributions; you need to install it.

      $ sudo apt install selinux selinux-utils selinux-basics auditd audispd-plugins
      $ sudo sestatus
      
      Reply
  3. When you change /etc/sysconfig/selinux, the SELINUX kernel module still will be loaded, just won’t enforce any policy anymore.

    To prevent the whole module from loading we need to add “selinux=0” to the kernel parameters during boot time or execute this command and reboot the system:

    $ sudo grubby --update-kernel ALL --args selinux=0
    
    Reply
    • @James

      This paragraph states the why bit: “When you install RHEL/CentOS or several derivatives, the SELinux feature or service is enabled by default, due to this, some applications on your system may not actually support this security mechanism. Therefore, to make such applications function normally, you have to disable or turn off SELinux.”

      Reply
