SELinux is a crucial component of the Linux universe. It takes care of the majority of security issues that would be a headache to maintain and monitor on a bare Linux installation. However, SELinux is not without its own set of headaches. For one, in its default setting, SELinux is restrictive. It keeps everything out. Although this provides a secure environment to work in, it also makes a basic Linux install tedious, especially if one is not aware of SELinux.
In my case, I discovered SELinux at the onset of CentOS 5 as it progressed to 5.5 and later on 6. My first headache from it was when port 80 or the HTTPD port was inaccessible. It took me days to figure it out. I tinkered with iptables. I even went as far as reinstalling the entire system in hopes of going around the problem. Then I discovered SELinux.
SELinux is a technology developed by the National Security Agency (NSA) as a kernel-based security module for Linux. Yes. They developed it specifically for Linux. The NSA aimed to:
NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals.
Now, if you are having headaches with SELinux in your development environment, sometimes you need to disable it (remove unnecessary variables, they say). So, here’s the step-by-step guide.
Disable SELinux in CentOS 7 TEMPORARILY
First check if SELinux is enabled or disabled:
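To disable SELinux temporarily, run either of the following as root. Both switch SELinux to permissive mode, and the change lasts until the next reboot. On CentOS 7 the SELinux filesystem is mounted at /sys/fs/selinux:
$ echo 0 > /sys/fs/selinux/enforce
$ setenforce 0
Or, set it to permissive mode by name, which is equivalent to setenforce 0:
$ setenforce Permissive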
Disable SELinux in CentOS 7 PERMANENTLY
On the other hand, if you want to disable it permanently, you can edit /etc/sysconfig/selinux and set SELINUX= to disabled. The comments in that file list the accepted values:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
# SELINUXTYPE= can take one of three two values:
# targeted – Targeted processes are protected,
# minimum – Modification of targeted policy. Only selected processes are protected.
# mls – Multi Level Security protection.
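The edit described above, as an added shell example that is not part of the original post: it reads and rewrites the SELINUX= line while leaving SELINUXTYPE= and the comments alone, and it writes through the /etc/sysconfig/selinux symlink instead of replacing it. The function names are hypothetical and the sample file is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample file is constructed.

# Print the mode set by the active (uncommented) SELINUX= line.
get_selinux_mode() {
    # "SELINUX=" cannot match SELINUXTYPE= or the "# SELINUX=" comment lines.
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Rewrite the SELINUX= line of FILE to MODE, keeping a .bak copy.
set_selinux_mode() {
    file=$1
    mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    # On CentOS 7 /etc/sysconfig/selinux is a symlink to /etc/selinux/config.
    # Resolve it and write to the real file so the link is not replaced by a
    # regular file that the system never reads.
    target=$(readlink -f "$file") || return 1
    [ -f "$target" ] || return 1
    cp -p "$target" "$target.bak" || return 1
    tmp=$(mktemp) || return 1
    if grep -q '^[[:space:]]*SELINUX=' "$target"; then
        sed "s/^[[:space:]]*SELINUX=.*/SELINUX=$mode/" "$target" > "$tmp"
    else
        { cat "$target"; echo "SELINUX=$mode"; } > "$tmp"
    fi
    cat "$tmp" > "$target" && rm -f "$tmp"
}

# Demo on a constructed copy of the layout (never touches /etc).
demo_dir=$(mktemp -d)
mkdir "$demo_dir/selinux" "$demo_dir/sysconfig"
printf '%s\n' \
    '# SELINUX= can take one of these three values:' \
    'SELINUX=enforcing' \
    'SELINUXTYPE=targeted' > "$demo_dir/selinux/config"
ln -s ../selinux/config "$demo_dir/sysconfig/selinux"
set_selinux_mode "$demo_dir/sysconfig/selinux" permissive
echo "configured mode: $(get_selinux_mode "$demo_dir/sysconfig/selinux")"
rm -rf "$demo_dir"
```

The new value is read at the next boot. Per the file's own comments, permissive keeps the policy loaded and prints warnings, while disabled loads no policy at all.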