Security-Enhanced Linux (SELinux) is a security architecture integrated into the 2.6.x kernel using the Linux Security Modules (LSM). It is a project of the United States National Security Agency (NSA) and the SELinux community. SELinux integration into Red Hat Enterprise Linux was a joint effort between the NSA and Red Hat.

In simple terms, SELinux is a mandatory access control (MAC) security structure executed in the kernel. SELinux offers methods for upholding some security approaches which would some way or another not be adequately executed by a System Administrator.

On CentOS systems, SELinux is enabled by default and due to this, some applications may not function correctly as they might not support this security mechanism. Therefore, to make such applications function correctly, you have to disable or turn off SELinux. This guide shows you how to disable SELinux Temporarily or Permanently in CentOS 7.

Deploying your cloud server
If you have not already registered with Cloudwafer, you should begin by getting signed up. Take a moment to create an account after which you can easily deploy your own cloud servers.

Once you have signed up, log into your Cloudwafer Client Area with the password provided in your mail and deploy your Cloudwafer cloud server.

Step 1: Check SELinux status
The first step is to check the status of SELinux on your system, by typing the command below:

sestatus

You can also type the command below to check the status of SELinux:
getenforce

From the screenshots above, the current mode is Enforcing.

SELinux has the following modes:

  • Enforcing: This is the default. In enforcing mode, if something occurs on the system that is against the defined policy strategy, the activity will be both blocked and logged.

  • Permissive: This mode doesn't block or deny anything from happening but will log anything that would have regularly been hindered in enforcing mode. It's a decent mode to utilize in the event that you maybe need to test a Linux system that has never utilized SELinux and you need to get a thought of any issues you may have. No system reboot is required while swapping amongst enforcing and permissive modes.

  • Disabled: In this mode, SELinux is completely turned off, nothing is logged by any means. To switch to the Disabled mode, a system reboot will be required. In the event that you are changing from Disabled mode to either enforcing or permissive modes, a system reboot will likewise be required.

Next, proceed to disable SELinux on your system, this can be done temporarily or permanently depending on your needs.

Temporarily Disabling SELinux
To temporarily disable SELinux (i.e. to set the SELinux mode to Permissive), type the command below:

 sudo setenforce 0

Proceed to check the SELinux status by typing the command:

getenforce

You can switch back to Enforcing mode by typing the command below:

sudo setenforce 1

Proceed to check the SELinux status by typing the command:

getenforce

Disable SELinux Permanently
To permanently disable SELinux, open the file /etc/sysconfig/selinux using any editor of your choice.

sudo nano /etc/sysconfig/selinux

Change SELinux = enforcing to SELinux = disabled.

Save and close the file then proceed to reboot your system for the changes to take effect. After rebooting, check the status of SELinux using sestatus.

You can read more on SELinux here.