Disabling Security Enhanced Linux (SELinux)

SELinux is a set of extra security restrictions on top of the normal Linux security tools. It gives the systems administrator a finer grain of control than what the kernel typically provides.

However, SELinux can also be a hindrance.

Test if SELinux is running

You can test to see if SELinux is currently enabled with the following command:

root@lnx001# selinuxenabled && enabled || echo disabled

Turning off SELinux temporarily

Disabling SELinux temporarily is the easiest way to determine if the problem you are experiencing is related to your SELinux settings. To turn it off, execute the following command:

root@lnx001# echo 0 > /selinux/enforce

This temporarily turns off SELinux until it is either re-enabled or the system is rebooted. To turn it back on you simply execute this command:

root@lnx001# echo 1 > /selinux/enforce

Configuring SELinux to log warnings instead of block

You can also configure SELinux to give you a warning message instead of actually prohibiting the action. This known as permissive mode. To change SELinux's behavior to permissive mode you need to edit the configuration file located at /etc/selinux/config. For example:

SELINUX=permissive

NOTE: These changes will not take effect until the system is rebooted, which is why the first section comes in handy on a system you either cannot or do not want to reboot right now.

Permanently disabling SELinux

To completely disable SELinux instead of setting the configuration file to permissive mode you set it to disabled. For example:

SELINUX=disabled

You will need to reboot your system or temporarily set SELinux to non-enforcing mode to create the desired effect like the example above.