Disable SELinux on CentOS 7

By | 2018-09-22

To temporarily disable SELinux on CentOS 7, run this command as root:

root@centos7 ~]# setenforce 0

If you want to turn it back on, use the command:

root@centos7 ~]# setenforce 1

This will not persist across a reboot. If you want it to be disabled when the system boots, edit /etc/sysconfig/selinux and replace this line:

SELINUX=enforcing

with:

SELINUX=permissive

If you aren’t sure if it is on, use this command:

root@centos7 ~]# getenforce
Permissive

SELinux is a form of https://en.wikipedia.org/wiki/Mandatory_access_control (MAC). It is enabled by default on Red Hat Enterprise Linux 7 based distributions. I sometimes see people recommend disabling it. This is good advice for troubleshooting, but I don’t think it is a good solution. It is better to spend a little time learning SELinux, and then change the labels or policies. A lot of SELinux problems can be fixed in a few minutes. In most cases, once the problem is fixed, you will never have to mess with SELinux again. If you run into more problems, your prior experience will give you a great start on fixing the new problems.

SELinux has great security benefits. Why throw that away?

References