How do I turn SELinux off in Red Hat Enterprise Linux?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux
  • SELinux

Issue

  • How do you disable SELinux in Red Hat Enterprise Linux?

Resolution

WARNING

  • Red Hat Global Support Services does not recommend disabling SELinux.
  • SELinuxshould only be disabled in circumstances where your regulatory framework accepts that a class of security reporting and enforcement will be missing.
  • Files created with SELinux disabled will not have the appropriate labels to function correctly if SELinux is enabled in the future.
  • You will need to perform a file system relabeling if you re-enable SELinux. This is a time consuming operation.

For troubleshooting SELinux issues, you can temporarily change SELinux to permissive mode instead.

  • The SELinux policies will remain loaded.
  • Access attempts that violate the policies will still be logged but will not be denied.

Proceed with caution when running any of these commands in a production environment.

Red Hat Enterprise Linux 9

  1. Install the grubby package if it's not already installed.

    $ sudo dnf install grubby
    
  2. Configure the boot loader to add selinux=0 to the kernel command line.

    $ sudo grubby --update-kernel ALL --args selinux=0
    
  3. Reboot the system.

    $ sudo reboot
    

    To re-enable SELinux run the following command:

    $ sudo grubby --update-kernel ALL --remove-args selinux
    

Red Hat Enterprise Linux 8, 7, and 6

There are two options available:

Method 1:

  1. Edit the /etc/selinux/config file and change SELINUX=enforcing to SELINUX=disabled.

  2. Reboot the system.

    $ sudo reboot
    

Method 2:

  1. Install the grubby package if it's not already installed.

    $ sudo yum install grubby
    
  2. Configure the boot loader to add selinux=0 to the kernel command line.

    $ sudo grubby --update-kernel ALL --args selinux=0
    
  3. Reboot the system.

    $ sudo reboot
    

Red Hat Enterprise Linux 5 and 4

There are two options available:

Method 1:

  1. Edit the /etc/selinux/config file and change SELINUX=enforcing to SELINUX=disabled.

  2. Reboot the system.

    $ sudo reboot
    

Method 2:

  1. Edit the /boot/grub/grub.conf file and add selinux=0 to the end of the kernel line.

    Here is an example:

    kernel /vmlinuz-2.6.18-398.el5 ro root=/dev/VolGroup00/LogVol00 selinux=0

  2. Reboot the system.

        $ sudo reboot
    

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments