BestHub
Sign in
Information Security 5 min read

How to Safely Disable SELinux on CentOS: Step‑by‑Step Guide

This guide explains why and how to disable SELinux on CentOS, covering status checks, temporary and permanent disabling methods, necessary configuration file edits, and verification steps to ensure the system runs without SELinux enforcement.

Open Source Linux
Open Source Linux
Open Source Linux
How to Safely Disable SELinux on CentOS: Step‑by‑Step Guide

Introduction

SELinux is a mandatory access control (MAC) system built into the Linux kernel that restricts permissions of individual services that could threaten the system.
A CentOS system without SELinux relies on the configuration of all privileged applications; a single misconfiguration can jeopardize the entire system.

Why Disable SELinux

Not all applications support SELinux, and it may terminate necessary processes during normal use and installation. In such cases, disabling the service is recommended.

Step 1: Check SELinux Status

SELinux is enabled by default on CentOS and most RHEL‑based distributions.
Check the current status with the following command:
sestatus
The example output shows SELinux is enabled and the mode is enforcing mode .
SELinux may block normal operation of applications. Services will be denied access if any of the following occur:

Incorrect file labeling.

Incompatible applications attempting to access prohibited files.

Service running under an improper security policy.

Detected intrusion.

If a service is not running correctly, examine the SELinux logs located at /var/log/audit/audit.log . The most common messages are marked as AVC. If no logs appear, also check /var/log/messages . If the auditd daemon is not running, logs are written to the latter file.

Step 2: Disable SELinux

1. Temporarily Disable SELinux

To temporarily disable SELinux, run:
sudo setenforce 0
In the setenforce command you can use permissive instead of 0 .
This command changes the SELinux mode from target to permissive .

2. Permanently Disable SELinux

To permanently disable the service, edit the /etc/sysconfig/selinux file with a text editor such as vim or nano.

1. Open the file: sudo vi /etc/sysconfig/selinux 2. Change the line SELINUX=enforcing to SELINUX=disabled.

3. Save the edited file.

Reboot CentOS to Apply Changes

After editing, reboot the system to apply the changes:
sudo shutdown -r now
After reboot, verify the service status with:
sestatus
The status should be disabled , indicating that no SELinux policies are loaded and no AVC logs are generated.
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

CentOSLinux securitySELinuxDisable SELinux
Open Source Linux
Written by

Open Source Linux

Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment