How to disable SELINUX using grub?

linux centos selinux
12,457

Solution 1

I thought I need to type the information on the source in grub. What I did is very simple, I just type Ctrl+X then add selinux=0 on the edited selected kernel version. Spent hours looking for solution and exploring at boot loader to edit grub.cfg. Sorry I'm a newbie to not thinking that the selinux=0 will just add in Ctrl+X.

Solution 2

You can disable SELinux by adding the kernel parameter

selinux=0

to the kernel command line.

If you can't boot into your system anymore because of - say - SELinux relabeling issues the simplest thing is to temporarily add this parameter in Grub, i.e. while the Grub menu is displayed, select the right menu entry, enter entry edit mode with E, move to the kernel parameters line, move the cursor to the end, append selinux=0 and then hit CtrlX to boot that modified entry.

After the next successful boot you can permanently disable SELinux by either adding selinux=0 to your grub kernel parameter configuration or by setting SELINUX=disabled in /etc/selinux/config.

On CentOS 7 and later you can edit the kernel parameters in /etc/default/grub (in the GRUB_CMDLINE_LINUX= key) and then you have to regenerate your Grub config like this:

# grub2-editenv - unset kernelopts
# grub2-mkconfig -o /etc/grub2.cfg
# grub2-mkconfig -o /etc/grub2-efi.cfg
Share:
12,457

Related videos on Youtube

Earvin Nill Castillo
Author by

Earvin Nill Castillo

Updated on September 18, 2022

Comments

  • Earvin Nill Castillo
    Earvin Nill Castillo over 1 year

    I accidentally enabled SELINUX and reboot the system without knowing it's consequence. Now, I can't access the login system in my CENTOS 7 unit.

    What I've tried so far:

    https://serverfault.com/questions/501304/disable-selinux-permanently

    kernel /boot/vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=/dev/xvda1 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto console=tty0 selinux=0

    and this

    # cat /etc/grub.conf
........
    root (hd0,0)
    kernel /vmlinuz-2.6.32-279.el6.x86_64 root=/dev/md3 selinux=0
    initrd /initramfs-2.6.32-279.el6.x86_64.img
.........

    but after I reboot the system, I still can't login.

    Also what is the purpose of root=/dev/xda or /dev/md3.

    Update: I access the kernel boot and said that I should set selinux=0 in grub.cfg but when I went to grub.cfg it is readonly and the source path from the article is different from the path of the grub.cfg.

    • Admin
      Admin about 5 years
      Welcome to U&L. SELinux is enabled by default on a new CentOS installation. Did you take additional steps to disable it before? Also, when you say that you cannot login, I guess the system offers you a login prompt, but does not accept your user credentials as valid. Is it possible that you simply have the wrong credentials?
    • Admin
      Admin about 5 years
      @Haxiel the login prompt is missing. It was disabled already and when I enabled it after rebooting, i cannot access using putty that is why I went to the actual machine and found out that the login form is missing.
    • Admin
      Admin about 5 years
      @Haxiel currently im in the kernel boot mode but can't rewrite the grub.cfg to set selinux=0 due to readonly.
    • Admin
      Admin about 5 years
      If you reboot the system, you can go back to the GRUB prompt where you'll get a chance to edit the boot configuration. You'll be able to edit the kernel boot configuration there. It's not persistent, but it should at least tell you if you're on the right track. If the rghb quiet parameters are present, you can remove them as well so that you can see the logs during startup.
    • Admin
      Admin about 5 years
      try adding 1 for single user mode kernel /vmlinuz-2.6.32-279.el6.x86_64 root=/dev/md3 selinux=0 1
    • Admin
      Admin about 5 years
      is rghb applicable in centos? @Haxiel what type of cmd should i use so that I can edit the grub.cfg
    • Admin
      Admin about 5 years
      @jsotola does adding single user mode will make the file writable?
    • Admin
      Admin almost 4 years
      grub.cfg is not in /etc/grub.cfg. maybe use sudo find /boot -name "grub.cfg" to detect it
  • Haxiel
    Haxiel about 5 years
    Please do note that changes made this way will not be persistent. You'll need to redo them on each boot.
  • Earvin Nill Castillo
    Earvin Nill Castillo about 5 years
    Stressful last day of work.
  • Konrad Gajewski
    Konrad Gajewski almost 4 years
    How come you had the answer in the original question all along?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

chcon: can't apply partial context to unlabeled file while installing nagios with SELinux
SElinux prevent cron from running Centos 7
Change unconfined_u to system_u is failing
Why isn't my cronjob running?
Unable to start auditd
SELinux: denied { execute } for pid=2174 comm="httpd" path="/etc/httpd/lib/libaprutil-1.so.0.5.3"
TFTP uploads failing
CentOS - semanage - Delete range of ports
What does the .autorelabel file do in Linux?
chcon: can't apply partial context to unlabeled file '/usr/sbin/xrdp'