How to disable SELINUX using grub?
Solution 1
I thought I need to type the information on the source in grub. What I did is very simple, I just type Ctrl+X then add selinux=0 on the edited selected kernel version. Spent hours looking for solution and exploring at boot loader to edit grub.cfg. Sorry I'm a newbie to not thinking that the selinux=0 will just add in Ctrl+X.
Solution 2
You can disable SELinux by adding the kernel parameter
selinux=0
to the kernel command line.
If you can't boot into your system anymore because of - say - SELinux relabeling issues the simplest thing is to temporarily add this parameter in Grub, i.e. while the Grub menu is displayed, select the right menu entry, enter entry edit mode with E, move to the kernel parameters line, move the cursor to the end, append selinux=0
and then hit CtrlX to boot that modified entry.
After the next successful boot you can permanently disable SELinux by either adding selinux=0
to your grub kernel parameter configuration or by setting SELINUX=disabled
in /etc/selinux/config
.
On CentOS 7 and later you can edit the kernel parameters in /etc/default/grub
(in the GRUB_CMDLINE_LINUX=
key) and then you have to regenerate your Grub config like this:
# grub2-editenv - unset kernelopts
# grub2-mkconfig -o /etc/grub2.cfg
# grub2-mkconfig -o /etc/grub2-efi.cfg
Related videos on Youtube
Earvin Nill Castillo
Updated on September 18, 2022Comments
-
Earvin Nill Castillo over 1 year
I accidentally enabled SELINUX and reboot the system without knowing it's consequence. Now, I can't access the login system in my CENTOS 7 unit.
What I've tried so far:
https://serverfault.com/questions/501304/disable-selinux-permanently
kernel /boot/vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=/dev/xvda1 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto console=tty0 selinux=0
and this
# cat /etc/grub.conf ........ root (hd0,0) kernel /vmlinuz-2.6.32-279.el6.x86_64 root=/dev/md3 selinux=0 initrd /initramfs-2.6.32-279.el6.x86_64.img .........
but after I reboot the system, I still can't login.
Also what is the purpose of
root=/dev/xda
or/dev/md3
.Update: I access the kernel boot and said that I should set selinux=0 in grub.cfg but when I went to grub.cfg it is readonly and the source path from the article is different from the path of the grub.cfg.
-
Admin about 5 yearsWelcome to U&L. SELinux is enabled by default on a new CentOS installation. Did you take additional steps to disable it before? Also, when you say that you cannot login, I guess the system offers you a login prompt, but does not accept your user credentials as valid. Is it possible that you simply have the wrong credentials?
-
Admin about 5 years@Haxiel the login prompt is missing. It was disabled already and when I enabled it after rebooting, i cannot access using putty that is why I went to the actual machine and found out that the login form is missing.
-
Admin about 5 years@Haxiel currently im in the kernel boot mode but can't rewrite the grub.cfg to set selinux=0 due to readonly.
-
Admin about 5 yearsIf you reboot the system, you can go back to the GRUB prompt where you'll get a chance to edit the boot configuration. You'll be able to edit the kernel boot configuration there. It's not persistent, but it should at least tell you if you're on the right track. If the
rghb quiet
parameters are present, you can remove them as well so that you can see the logs during startup. -
Admin about 5 yearstry adding
1
for single user modekernel /vmlinuz-2.6.32-279.el6.x86_64 root=/dev/md3 selinux=0 1
-
Admin about 5 yearsis rghb applicable in centos? @Haxiel what type of cmd should i use so that I can edit the grub.cfg
-
Admin about 5 years@jsotola does adding single user mode will make the file writable?
-
Admin almost 4 yearsgrub.cfg is not in /etc/grub.cfg. maybe use
sudo find /boot -name "grub.cfg"
to detect it
-
-
Haxiel about 5 yearsPlease do note that changes made this way will not be persistent. You'll need to redo them on each boot.
-
Earvin Nill Castillo about 5 yearsStressful last day of work.
-
Konrad Gajewski almost 4 yearsHow come you had the answer in the original question all along?