How to Enable or Reinstall SELinux on CentOS

Updated on June 17, 2020
How to Enable or Reinstall SELinux on CentOS header image

Introduction

Security-Enhanced Linux (SELinux) is an enhanced security mechanism at the kernel level. Follow this guide to reinstall SELinux and reset the policy to default settings. If SELinux is not already installed, go directly to step 2.

Perform these steps as a sudo-enabled user, or root. This guide has been tested on:

  • CentOS 8
  • CentOS 7
  • CentOS 6

1. Disable and Remove SELinux

# setenforce 0
# yum remove selinux-policy\*
# rm -rf /etc/selinux/targeted /etc/selinux/config

2. Install SELinux

# yum install selinux-policy-targeted
# yum install selinux-policy-devel policycoreutils
# touch /.autorelabel; reboot

SELinux will detect the /.autorelabel file on reboot, and then relabel all files with the correct SELinux contexts. If you have many files, the instance may be unavailable for a long time. You can monitor the instance from the Vultr Web console.