Disable SELinux on CentOS 7

How to disable SELinux on CentOS 7 or most Linux operating systems?

SELinux stands for Security-Enhanced Linux and is a Linux kernel security module that provides a mechanism for supporting access control security policies. If you’ve recently installed your CentOS 7(works for CentOS 4,5,6 as well) and you don’t want to use SELinux, the easiest way would be to disable it first and then make sure it won’t start upon reboot.

We can verify the status using sestatus which should return enabled along with some variables or disabled if it’s already turned off:


[root@server ~]# sestatus
SELinux status: disabled

In order to disable it for the time being, until the machine is rebooted we can simply use the setenforce command:


[root@server ~]# setenforce
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]

Simply running setenforce Permissive from shell as root:

[root@server ~]# setenforce Permissive

OR:

[root@server ~]# setenforce 0

should to the trick but we also need to make sure it remains permanent. In order to do this we’ll simply edit SELinux’s configuration file located under: /etc/sysconfig/selinux and alter the SELINUX variable to disabled:

[root@server ~]# vi /etc/sysconfig/selinux

After saving the file and exiting the editor SELinux should be off and it shouldn’t interfere unless you enable it again. It recommended that we reboot the machine after changing SELinux between modes. If you plan to install cPanel/WHM on the machine this is a mandatory step. cPanel/WHM doesn’t work on your machine with SELinux set to Enforcing(1).

Please note that if we disable SELinux on CentOS 7 it doesn’t mean the machine will be less protected, however the OS will be more permissive. For example an user would be able to set 777 permissions for sensitive files like SSH Keys which means that other users will be able to see them.

Read more about SELinux:

SELinux on Wikipedia
HowTos SELinux