Working with SELinux

There will be a time when you will feel that SELinux is causing problems for other applications. Basically SELinux is a kernel mechanism which is enforcing some access rules for processes and files. But due to the access rules sometimes some newly installed applications are not able to work properly. To run applications smoothly we have to disable or make it permissive on our machine. But be aware that by disabling the SELinux you are removing the security mechanism from your system. There are two ways to disable the SELinux from the machine One is permissive and other is completely switch off the SELinux. Below are some brief description about the above two options:

Permissive– switch the SELinux kernel into a mode where every operation is allowed. Operations that would be denied are allowed and a message is logged identifying that it would be denied. The mechanism that defines labels for files which are being created/changed is still active.

Disabled– SELinux is completely switched off in the kernel. This allows all operations to be permitted, and also disables the process which decides what to label files & processes with.

In this tutorial I will show you how to make SELinux permissive (temporary/ permanently) or disabled.

Step 1: (Make SELinux Permissive for temporary)

To verify the stasus of SELinux in your machine issue the below command.

If the SELinux is working on your machine then you should get the output like below

To disable it temporarily issue the below command as a root user:

To switch back again to enforcing mode issue the below commands:

Step 2: (Make SELinux Permissive for Permanently)

Now we will work to make SELinux Permissive for permanently. Edit the file /etc/selinux/config and modify the value SELINUX=enforcing to SELINUX=permisive

Note that the SELinux will not run in permissive mode in this case until you reboot the machine. After a reboot verify and you can find that the SELinux is permissive.

Step 2: (Make SELinux Disabled)

If you need to make SELinux disabled then you need to edit the SELinux configuration file like the above step and modify the value SELINUX=permissive to SELINUX=disabled

You need to reboot your system to get the changes in this case also.

The following two tabs change content below.

Tapas Mishra

Sr. Engineer (DevOps)
Loves to work on Opensource products. Having experience on Linux environment. Knowledge on Public cloud services like AWS, Rackspace, DigitalOcean, Linode. Please don't hesitate to give a comment on the posts. Your comments are my strength.

Leave a Reply