This is an article where the discussion is specified in the title of this article. It is about how to temporary disabled SELinux. As we already knew, SELinux is a feature available in a Linux operating system distribution, as it is shown in the part of the name ‘SELinux‘, it is available to support the access control security policy mechanism.
SELinux which stands for Security Enhanced Linux is must be configured to be activated in order for all the rules available as part of SELinux can be implemented within the operating system. But activating this security feature can also be troublesome sometimes because not all of the features or functionality which has already run in the first time before SELinux is implemented can still run properly after SELinux is being activated.
In the troubleshooting step, it is sometimes for the sake of finding the culprit of the problem, SELinux is disabled temporary. The purpose for disabling SELinux is actually to check whether the main problem causing an application, database or even the feature or functionality possessed by the operating system itself for not being able to be utilized or to be functioned properly is the security policy implemented by SELinux itself.
There are two ways for disabling SELinux feature. The first one is by disabling it temporarily. But disabling this temporarily it seems not always working. Below is how to disable it temporarily :
setenforce 0
Below is the execution of the command in the real condition :
[root@hostname ~]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 [root@hostname ~]#
After executing the command above for changing the mode of SELinux from enforcing to permissive, below is the status of SELinux :
[root@hostname ~]# setenforce 0
Another command available to achieve the result is the following command :
[root@hostname ~]# setenforce Permissive
Alternatively, it can be done by executing another command which will be resulted on the same output. The output is having a SELinux mode changed from enforcing into permissive. In other means, it can be viewed as disabling SELinux temporarily. Below is the alternative command :
[root@hostname ~]# setenforce 0
Below is the status of the SELinux after the execution of the above command :
[root@hostname ~]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 [root@hostname ~]#
As shown in the above output, there is one line which shown a difference. It is shown in the line of the following output :
Before executing ‘setenforce 0’ :
Current mode: enforcing
After executing ‘setenforce 0’ :
Current mode: permissive
If the problem by disabling SELinux temporary cannot be solved. We might want to try to disable it permanently as another step on the problem’s troubleshooting.
2 thoughts on “How to temporary disabled SELinux”