SELinux is a great framework for securing systems but sometimes it can really get in the way of making things work properly if it’s not set up just so. Often, it’s a good idea to at least set SELinux to permissive (not enforcing) mode if you are troubleshooting a problem potentially caused by its operation. When in permissive mode, SELinux will not interrupt anything on the system at all, it will only log breaches of it’s set policies.

This document is just for the absolute basics of SELinux and particularly, how to set it to permissive mode or disable it if you wish. More information can be found at http://fedoraproject.org/wiki/SELinux

To see the status of SELinux:

sestatus

You’ll see something like this:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

The mode, enforcing, means that it is enforcing SELinux policy.

You can change the mode by using the setenforce command.

To disable enforcement:

setenforce 0

To enable enforcement:

setenforce 1

Once enforcement is disabled, SELinux will no longer actively operate on the system. It will only warn in a log file when the set policy is violated so it should not interfere with the normal operation of the machine while in this state.

To completely disable SELinux, edit /etc/selinux/config and set the SELINUX= parameter to disabled. There are some comments in that file to provide hints on this. After editing the file, you must reboot for it to take effect.