How to Enable or Disable SELinux in Different Modes?

Last Updated : 12 Mar, 2021

SELinux stands for Security-Enhanced Linux. SELinux is just like the Windows firewall, but it is more secure and private. It manages all the access control policies. We can control the status of SELinux security by using some direct commands or by actually going to the SELinux configuration file and editing the status. SELinux can have three values, enforcing, permissive and disabled. Enforcing means SELinux security policy is enforced. Permissive means SELinux is not enforcing but will print warnings. Disabled means it is not enforcing and also not print warning.

Check the Status

When SELinux is enforcing:

# getenforce

How to Enable or Disable SELinux in different modes

Enforcing

When SELinux is Permissive:

# getenforce

Permissive

Two ways to Enable or Disable SELinux:

Through commands.
Edit SELinux config file.

Through Command:

#setenforce Enforcing
#getenforce

setenforce enforcing

#setenforce Permissive
#getenforce

setenforce permissive

Instead of Enforcing and Permissive, you can also use 1 and 0 respectively. For example

#setenforce 0
#getenforce

setenforce 0

Edit SELinux Configuration File:

Open SELinux configuration file in vi editor. It is located at /etc/selinux/config

#vi /etc/selinux/config

config file

Now edit status to disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

~                                                                                
~                                                                                
~                                                                                
~                                                                                
~                                                                                
~                                                                                
~                                                                                
~                                                                                
"/etc/selinux/config" 14L, 548C

Now press ESC and type :wq and hit Enter to save it. Now check the status of SELinux using getenforce command.

# getenforce

selinux disabled

NOTE: You need to restart the system to actually see the changes occur. Hence, we have disabled the SELinux service by editing the configuration file.

Suggest improvement

How to Enable or Disable SELinux Boolean Values?

Share your thoughts in the comments