03.06.2023

How to disable SELinux on CentOS?

In some cases, we need to get access to low levels of machines: set up specialized software, drivers, and other feature which could be requires a deep layer of permission. And sometimes rights don’t fit to complete this task due to security policies by default settings. There is such a module, which restricts access to modify system files.

What is SELinux?

SELinux is a security module that can provide significant measures for protecting the system. It is part of the Linux kernel performing role access control security policies: mandatory and discretionary. Manage system comes from the config file that the administrator can modify, therefore separate user rights for more effective control of security.

That also provides a set of policy rules that define the behaviour of system components and applications. These rules are enforced by the kernel and can be customized to meet the specific security requirements of a given system.

Another unique feature of SELinux is its ability to confine processes to specific domains, which limits their access to resources outside of those domains. This helps to prevent compromised processes from accessing sensitive data or performing malicious actions.

How to disable SELinux?

Consider different ways to shut down security modules: open configuration file with any convenient text editor.

sudo apt install nano && sudo nano /etc/selinux/config

Find raw with value enforcing and replace that by:

SELINUX=disabled

Screenshot №1 — Configuration flie

Save changes with a combination Ctrl + O and close the file using Ctrl + X.

Notice: Combinations of keyboard fit only for a nano text editor!

Reload the system for the changes to take effect with the command below:

sudo reboot

Screenshot №2 — Reboot

If that way doesn’t fit your operation system follow the next command:

sudo setenforce 0

That line disables SELinux for a session until the reboot system which could be a more secure way than the first method. If you need to turn on this module enter the command:

sudo setenforce 1

Screenshot №3 — CLI way

But if modules aren't part of your operating system kernel, uninstallation will be different:

sudo dnf remove selinux-policy\*

Screenshot №4 — Uninstallation

And to make sure we need to enter this command and find point status:

sestatus

Screenshot №5 — Check work

Conclusion

SELinux is an effective security module that employs crucial measures to safeguard the system by limiting Linux kernel modification. Nonetheless, there are instances when it becomes necessary to deactivate this module in order to carry out certain tasks that necessitate elevated levels of authorization or because of preset configurations. We have outlined two methods for disabling security modules.