Disable SeLinux permanently

centos6 selinux
5,933

Solution 1

you need to set it in /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

The correct location to pass selinux=0 as kernel boot paramater is in /etc/grub.conf

kernel /boot/vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=/dev/xvda1 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto console=tty0 selinux=0

PS SELinux should be only set to permissive to debug a problem, run it in permissive see what gets logged to /var/log/audit.log fix the denials then switch it back to enforcing do not run it in permissive or disabled long term.

Solution 2

Setting SELINUX=disabled in the file /etc/sysconfig/selinux should be enough. You can also disable it from the kernel. Edit the file /etc/default/grub and add selinux=0 to the GRUB_CMDLINE_LINUX variable and update your GRUB configuration:

shell# grub2-mkconfig -o /etc/grub2.cfg

After rebooting, check SELinux status. The getenforce command should print Disabled.

Share:
5,933
Programster
Author by

Programster

Updated on September 18, 2022

Comments

  • Programster
    Programster over 1 year

    I am running a virtualbox CentOS 6.4 (64 bit) server with Cobbler service. One of the steps is to disable SeLinux in order to prevent a python error when running service cobblers start. If I run setenforce 0 everything is fine, but I have to run that command every time the server restarts. I tried changing /etc/sysconfig/selinux to SELINUX=disabled and also SELINUX=permissive before restarting, but sestatus keeps showing that centOS starts with selinux running. Do I need to change a different config file, or have I configured the selinux file incorrectly?

    Youtube video showing selinux config file, rebooting and then checking status

    • Programster
      Programster about 11 years
      It seems like this guy has the same issue in fedora: serverfault.com/questions/500957/…
    • tgharold
      tgharold almost 11 years
      Disabling SELinux is never the right answer. You should put it into Permissive mode, then use "sealert -a /var/log/audit/audit.log" to see what would be blocked in "Enforcing" mode. Remedy those issues with either "restorecon" (mislabeled files), setting SELinux booleans, or using audit2allow to create a custom policy for your system.
  • Programster
    Programster about 11 years
    Ok well I have rebooted and used 'getenforce' instead of sestatus. It outputs Enforcing. Here is a video to show: youtu.be/hZzP-kOtGfU
  • Spack
    Spack about 11 years
    I've edited my answer.
  • Programster
    Programster about 11 years
    It appears that I do not have a /etc/default/grub file. Perhaps I need to edit the /etc/grub.conf file? There is no GRUB_CMDLINE_LINUX variable in there though. Also grub2-mkconfig -o /etc/grub2.cfg resulted in grub2-mkconfig: command not found Perhaps I should let you know that I am running a bare minimal centos 6.4 net-install...
  • Programster
    Programster almost 11 years
    When I originally read this answer I had not properly read the paths. I needed to change /etc/selinux/config instead of /etc/sysconfig/selinux as you stated.
  • maxschlepzig
    maxschlepzig over 4 years
    @Programster, CentOS 6 is on Grub 1, IIRC. Thus, this part only works on CentOS 7 and later.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Selinux in permissive mode, ssh key based auth and locked account
CentOS 6: PHP can not load gdchart.so and oci8.so compiled by me
OpenVPN SELinux Permission Denied
How can I do an SELINUX filesystem relabel without rebooting first?
Incrond running but not executing commands CentOS 6.4
How do I remove a SELinux module in CentOS?
Linux - CentOS6 - semanage - command not found
How do I view the contents of a SELinux policy package
incrond running but not executing command under CentOS 6.4
install MySQL Server 5.0 on CentOS 6.3