Fully disable SELinux in the CLI

Fully disabling SELinux goes one step further than just switching into permissive mode. Disabling will completely disable all SELinux functions including file and process labelling.

You need to edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled:

Which should look like this:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted – Only targeted network daemons are protected.
# strict – Full SELinux protection.
SELINUXTYPE=targeted

Remember you will need to reboot the system

If you don’t have the /etc/selinux/config file, you need to edit the kernel boot line, usually in /boot/grub/grub.conf, if you’re using the GRUB boot loader. On the kernel line, add selinux=0 at the end.

title SE-Linux Test System
root (hd0,0)
kernel /boot/vmlinuz-2.4.20-selinux-2003040709 ro root=/dev/hda1 nousb selinux=0
#initrd /boot/initrd-2.4.20-selinux-2003040709.img

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s