Disable SELinux on CentOS 5


Post by lik » Sun Aug 02, 2009 7:38 am

Security-Enhanced Linux, also known as SELinux, implements various security policies on Linux and additional levels of access control. It was originally developed by the U.S. National Security Agency to adhere to the "Orange Book" guidelines. On CentOS 5 it is enabled by default, but there may be circumstances where you don't need SELinux's additional security and may want to disable it.

The SELinux configuration file on CentOS is located at /etc/selinux/config and after a default install looks like this:
Code:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

To disable SELinux you need to change "SELINUX=enforcing" to "SELINUX=disabled" so that the configuration file now looks like this:
Code:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

This would then disable SELinux on your next reboot. To change the SELinux setting right now, without having to reboot, you can use the setenforce command like so:
Code:
setenforce 0

However, this will only put SELinux into permissive mode until the next reboot, meaning that SELinux is running and logging but not actually controlling permissions. To make the change permanent, and to disable SELinux completely, you need to modify the configuration file as detailed above and reboot.

It's also possible to change the SELinux setting without editing the configuration file manually, by running the following command:
Code:
/usr/bin/system-config-securitylevel-tui

Normally you wouldn't want or need to change or disable SELinux; this is just a guide in case you do need to for some reason or other.

Another solution is to pass the following kernel boot option selinux=0:
Code:
...
...
title CentOS (2.6.18-238.12.1.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-238.12.1.el5 ro root=LABEL=/ selinux=0
        initrd /initrd-2.6.18-238.12.1.el5.img
...
...
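
The post changes SELinux in two persistent places: the SELINUX= line in the configuration file and the selinux=0 kernel option in the boot stanza. The script below is an added example, not part of the original post, that audits both files to find hosts where enforcement has been switched off; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit whether SELinux is turned off in either place the post edits.
# File paths are arguments, so the checks can run against copies of the real files.

# Print the effective SELINUX= value (last active assignment wins), or "unset".
selinux_config_state() {
    state=$(sed -n 's/^[[:space:]]*SELINUX=\([A-Za-z]*\).*$/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${state:-unset}"
}

# Succeed if an active "kernel" line in a GRUB legacy config carries selinux=0.
grub_disables_selinux() {
    grep -Eq '^[[:space:]]*kernel[[:space:]].*[[:space:]]selinux=0([[:space:]]|$)' "$1"
}

# Print one finding per setting that weakens enforcement; return the count.
audit_selinux() {
    findings=0
    state=$(selinux_config_state "$1")
    if [ "$state" != "enforcing" ]; then
        echo "FINDING: $1 sets SELINUX=$state"
        findings=$((findings + 1))
    fi
    if grub_disables_selinux "$2"; then
        echo "FINDING: $2 boots a kernel with selinux=0"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample inputs (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=disabled' 'SELINUXTYPE=targeted' > "$demo_dir/config"
printf '%s\n' 'title CentOS (sample)' '        root (hd0,0)' \
    '        kernel /vmlinuz-sample ro root=LABEL=/ selinux=0' > "$demo_dir/grub.conf"
audit_selinux "$demo_dir/config" "$demo_dir/grub.conf" || echo "findings: $?"
rm -rf "$demo_dir"
```

A host switched with setenforce 0 shows neither finding, because that change lives only in the running kernel and has to be read on the live system.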