SELinux (Security Enhanced Linux) is an extra layer of security available in Linux systems in addition to the regular security restrictions . However, SELinux security rules are often too restrictive for web hosting servers. So it is generally disabled in hosting servers.
SELinux operates in 3 modes as given below:
enforcing – in this mode, SELinux security rules are enforced. Any access that violates an SELinux rule is blocked.
permissive – SELinux security rules are not enforced. Violations are not blocked, but logged.
disabled – SELinux is completely disabled.
The sestatus command returns the status of SELinux in the system.
The output may look similar to following when SELinux is enabled:
$ sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted
When SELinux is disabled, output will be following:
$ sestatus SELinux status: disabled
The getenfoce command returns the current mode of SELinux in the system. It displays one of Enforcing, Permissive or Disabled.
The setenforce command can change SELinux mode to Enforcing or Permissive.
setenforce Enforcing or setenforce 1 – changes mode to Enforcing
senenforce Permissive or setenforce 0 – changes mode to Permissive
To change SELinux mode to Disabled, edit the configuration file /etc/selinux/config and set value of SELINUX to disabled as follows:
Then reboot the system to make the change effective. After the system is rebooted, check SELinux status with sestatus and getenforce commands. It should be disabled.