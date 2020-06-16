Security-Enhanced Linux (SELinux) adds policy-based security to the CentOS Linux kernel. System administrators set SELinux policy rules to specify access controls to processes, users, and files. By default, SELinux denies access to objects if no policy rule explicitly allows access.
Perform these steps as a sudo-enabled user, or root. This guide has been tested on:
SELinux operates in one of three modes:
We recommend using SELinux in enforcing mode. If your application is not compatible with SELinux, you may need to disable it completely.
Check the status of SELinux:
$ sudo sestatus
Find the lines relevant to this tutorial with
grep:
$ sudo sestatus | grep 'SELinux status\|Current mode'
SELinux status: enabled
Current mode: enforcing
To temporarily disable SELinux, use
setenforce.
$ sudo setenforce 0
$ sudo sestatus | grep 'SELinux status\|Current mode'
SELinux status: enabled
Current mode: permissive
Notice that Current mode is now permissive. This change will only persist until the next reboot.
To disable SELinux and make it persist across reboots, edit /etc/selinux/config.
$ sudo nano /etc/selinux/config
Change the SELINUX directive with either permissive or disabled.
SELINUX=disabled
Save and exit the file, then reboot.
$ sudo shutdown -r now
After the reboot, check the status.
$ sudo sestatus
SELinux status: disabled
