Security-Enhanced Linux (SELinux) is an implementation of security policies for operating systems that provides a mechanism to support and help control access in the linux kernel. On Red Hat Enterprise Linux 7 (RHEL 7), CentOS 7 and Oracle Linux 7 (OL7), SELinux services were installed by default. The following tutorial will show you the basic steps to permanently disable SELinux on RHEL 7, CentOS 7 and OL7.
1. Check SELinux status :
[root@centos7 ~]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28
2. Open selinux configuration file :
[root@centos7 ~]# vi /etc/sysconfig/selinux
3. Change “SELINUX=enforcing” to “SELINUX=disabled” and save the configuration file :
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
4. Reboot the server to take effect :
[root@centos7 ~]# reboot
5. After reboot, you can verify the status of SELinux. Issue “sestatus” command to verify that SELinux permanently disabled:
[root@centos7 ~]# sestatus SELinux status: disabled