56

I need to disable SELinux but cannot restart the machine

i followed this link where i get bellow command

setenforce 0

But after running this command i checked for that

sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          disabled
Policy version:                 24
Policy from config file:        targeted

Is there any other option?

Vikas Hardia
  • 695
  • 1
  • 6
  • 8

6 Answers6

68

sestatus is showing the current mode as permissive.

In permissive mode, SELinux will not block anything, but merely warns you. The line will show enforcing when it's actually blocking.

I don't believe it's possible to completely disable SELinux without a reboot.

garethTheRed
  • 33,289
  • 4
  • 92
  • 101
  • 1
    I think you can disable it without a reboot by directly editing the /etc/selinux/config file and setting SELINUX=disabled – dmohr Mar 02 '18 at 19:40
  • 1
    @dmohr - If you read [this Centos document](https://www.centos.org/docs/5/html/5.1/Deployment_Guide/sec-sel-enable-disable.html) it tells you that it only works on the next reboot. – garethTheRed Mar 02 '18 at 19:50
14

Disabling SELinux without reboot is not possible. But I guess making it in permissive mode is going to satifsy your requirement.

The output of sestatus shows SELinux is enabled but also shows it is in Permissive mode, which is what you just did with the setenforce command.

beginer
  • 2,648
  • 16
  • 18
11

On CentOS 7: 

echo 0 > /sys/fs/selinux/enforce
rsnow
  • 111
  • 1
  • 2
  • 2
    fwiw, this didn't work for me, Centos 7.2: `# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive # echo 0 > /sys/fs/selinux/enforce # sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted ` – datakid Oct 04 '16 at 03:23
  • This only disables selinux in current "session" and when rebooting this config will be lost. – EAmez Mar 04 '22 at 08:39
  • By current "session" I mean current runtime. Also 0 does not disable selinux but configure it as permissive. – EAmez Mar 04 '22 at 08:50
7

At the time of writing what OP did should work. On Fedora 26:

[aries@csibesz]$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      30

As user doesn't work.

[aries@csibesz]$ setenforce 0
setenforce:  setenforce() failed

As root, it does:

[aries@csibesz]$ sudo setenforce 0
[aries@csibesz]$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      30

The same applies to CentOS 7 and RedHat EL 7: it is working without reboot.

Janos Feher
  • 71
  • 1
  • 1
6

Best way to disable SELinuxis by using following command:

sed -i 's/enforcing/disabled/g' /etc/selinux/config

OR

vi /etc/sysconfig/selinux, set selinux=disabled

OR

setenforce 0 && sestatus

Though in certain cases restart will be required.

AdminBee
  • 21,637
  • 21
  • 47
  • 71
Divyani Singh
  • 294
  • 2
  • 5
3

For CentOS 6 (not 7):

echo 0 > /selinux/enforce
Alexander
  • 9,607
  • 3
  • 40
  • 59
user169151
  • 41
  • 1