Disable SELinux

Updated by Linode

Contribute on GitHub

View Project | View File | Edit File

Security Enhanced Linux

SELinux can disupt the functionality of a recently installed application and may need to be disabled. This Quick Answer guides you through the steps necessary to disable it.

This guide requires an unconfined root account. You will only be able to disable SELinux if you have the highest level of permissions on your machine.

Disable SELinux

Disabling SELinux removes a security feature on your system, and doing so may expose your data. If you are considering disabling SELinux to fix an application on your system, consider fixing the application to work within SELinux instead.

We do not recommend disabling SELinux.

However, in certain instances it might be easier to disable SELinux than it is to write policies that support SELinux in your environment. Proceed at your own risk.

To disable SELinux on your Linode follow along with this video and the steps below:

  1. Navigate to the SELinux configuration directory at /etc/sysconfig/selinux:

    1
     cd /etc/sysconfig/selinux
    
    /etc/sysconfig/selinux
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enabled
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected.
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    
  2. Change SELINUX=enabled to SELINUX=disabled:

    /etc/sysconfig/selinux
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected.
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    
  3. reboot your system and run sestatus:

    1
    2
     root@host: sestatus
     SELinux status:                 disabled
    

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

This guide is published under a CC BY-ND 4.0 license.