Warning message

This translation is outdated. For the most up-to-date information, please refer to the English version.

How do I turn SELinux off in Red Hat Enterprise Linux?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4
  • SELinux

Issue

How do I turn SELinux off in Red Hat Enterprise Linux?

Resolution

Caveat

Red Hat Global Support Services recommends disabling SELinux permanently only if you are certain you will never want to run SELinux in the future. Files created with SELinux disabled will not have the information necessary to function when SELinux is enabled; changing this requires a "relabel" of the filesystems, which can be a very time consuming operation.

Instead of disabling SELinux, you may want to put SELinux in "Permissive" mode instead. In this mode,

  • The SELinux policies will remain loaded,
  • Access attempts that violate the configured SELinux policy will still be logged, but
  • Access attempts that violate the configured SELinux policy will not be denied, thus disabling the protections offered by SELinux.
RHEL 7
  • Selinux will need to be disabled by editing /etc/selinux/config
  • Set the line SELINUX=enforcing to SELINUX=disabled
  • Reboot the system
RHEL 6 and RHEL5

The most convenient tool for controlling the SELinux status is system-config-selinux; it is part of the policycoreutils-gui package:

system-config-selinux-rhel6.png

"System Default Enforcing Mode" controls the SELinux status when the system is booted; it can be set to "Enforcing", "Permissive" or "Disabled".

"Current Enforcing Mode" can be switched between "Enforcing" and "Permissive". This setting is effective immediately but is not persistent - the system will revert to the "System Default Enforcing Mode" setting when it is restarted.

RHEL4

The tool system-config-securitylevel (in the package of the same name) may be used to turn SELinux on or off by checking the Enabled tickbox. You will have to select the SELinux tab to see this option. The system must be rebooted for the change to take effect.

The tool will look similar to the following:

system-config-securitylevel-rhel4.png

SELinux may also be disabled by editing /etc/selinux/config and by setting the SELINUX value to be SELINUX=Disabled and rebooting the machine.

SELinux may also be disabled by appending the line "selinux=0" to the kernel boot options. A GRUB example may be as follows:

title Red Hat Enterprise Linux ES (2.6.9-5.EL)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-5.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet selinux=0
        initrd /initrd-2.6.9-5.EL.img

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.