Disable SELinux on CentOS 7 - How to do it ?

There is a Linux kernel module that protects your system from security issues. It allows Linux users to have better control of their systems. It is called SELinux (Security-Enhanced Linux).

With SELinux, administrators, and users specify the policy rules that control how processes running on the system and users interact with each other. Besides, the SELinux also rules the way how users and processes interact with files.

Here at LinuxAPT, as part of our Server Management Services, we regularly help our customers to perform related SELinux queries on Linux systems.

In this context, we shall look into how to disable SELinux on CentOS 7.

Different modes of SELinux:
  • Enforcing: SELinux will be based on policy rules to allow access.
  • Permissive: SELinux will log all actions that been denied if they running in the enforcing mode.
  • Disabled: There is no SELinux policy loaded.

By default, SELinux is enabled in enforcing mode on CentOS 7. It's highly recommended to enable the SELinux and keep it running in enforcing mode. However, in some cases, you need to set the SELinux in the permissive mode or disable it.

How to Verify the SELinux status ?

In order to check whether the SELinux is enabled or not? Let's run the following commands:

$ sudo sestatus

How to Disable the SELinux status ?

You can simply change the mode of SELinux from enforcing to permissive by running the following command:

$ sudo setenforce 0

The above command only affects the current session. In order to disable the SELinux permanently, you need to edit /etc/selinux/config file:


Now, reboot your CentOS system then check the SELinux status again:

$ sudo sestatus

[Need help in fixing Linux system issues? We can help you. ]

This article covers method to permanently disable SELinux on CentOS 7. SELinux, also known as Security-Enhanced Linux, is a security feature embedded in the Linux kernel. SELinux leverages Mandatory Access controls (MAC) to confine users to certain rules and policies and prevents them from performing unauthorized tasks on the Linux system as specified by the IT administrator

To Check SELinux status, simply run the command:

# sestatus

Related Posts