Operation and Maintenance
Linux Operation and Maintenance
How to disable SELinux temporarily or permanently in Linux
How to disable SELinux temporarily or permanently in Linux
Check SELinux status with sestatus to confirm current mode. 2. Temporarily disable enforcement using setenforce 0, which takes effect immediately but does not persist after reboot. 3. For permanent disable, edit /etc/selinux/config, set SELINUX=disabled, then reboot. 4. Verify final status post-reboot with sestatus to ensure it shows "disabled".
Sometimes SELinux can interfere with application behavior or service configuration, especially during development or testing. You might need to disable it temporarily or permanently depending on your use case. Here's how to do both safely and correctly.
Check Current SELinux Status
Before making changes, verify SELinux is enabled and see its current mode:
sestatusThis command shows whether SELinux is in enforcing, permissive, or disabled mode. Enforcing means active protection; permissive logs violations but doesn’t block actions.
Disable SELinux Temporarily (Until Reboot)
To turn off enforcement without rebooting:
setenforce 0This switches SELinux to permissive mode immediately. It’s useful for troubleshooting. To re-enable it later:
setenforce 1Note: This change doesn’t survive a reboot. Use it when you're testing services or debugging permission issues.
Disable SELinux Permanently
To disable SELinux across reboots, edit the configuration file:
sudo vi /etc/selinux/configFind the line:
SELINUX=enforcingChange it to:
SELINUX=disabledSave and exit. The change takes effect after reboot. Alternatively, some systems use /etc/sysconfig/selinux, which is typically a symlink to the same config file.
Verify After Reboot
After restarting, confirm SELinux is fully disabled:
sestatusYou should see:
SELinux status: disabledIf it still shows "enabled", double-check the config file spelling and ensure no typos like disable instead of disabled.
Disabling SELinux reduces system security, so only do it if absolutely necessary and understand the risks. In production environments, consider using permissive mode or adjusting policies instead.
Basically, just toggle with setenforce for temporary relief, or edit /etc/selinux/config to turn it off permanently.
The above is the detailed content of How to disable SELinux temporarily or permanently in Linux. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undresser.AI Undress
AI-powered app for creating realistic nude photos
ArtGPT
AI image generator for creative art from text prompts.
Stock Market GPT
AI powered investment research for smarter decisions
Hot Article
Popular tool
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
20522
7
13634
4
![How to install Redis cluster on Linux_Linux distributed cache deployment solution [Advanced]](https://img.php.cn/upload/article/202602/08/2026020819395340210.jpg)
How to install Redis cluster on Linux_Linux distributed cache deployment solution [Advanced]
Feb 08, 2026 pm 07:39 PM
The Redis6 cluster must be created with redis-cli--cluster. It requires a minimum of 3 masters and 3 slaves, a total of 6 nodes. The client port and the corresponding cluster bus port (10000) must be opened. Correct configuration but blocked ports is a common cause of failure.
How to import SQL files in mysql_mysql SQL file import method
Feb 09, 2026 pm 05:24 PM
The most common and reliable way to import SQL files into MySQL is the command line tool mysql, which supports cross-platform, high efficiency and stability, and is suitable for files of all sizes. It can also be executed in the client through the source command, or using graphical tools such as phpMyAdmin and MySQL Workbench.
![How to check system vulnerabilities in Linux_Linux installation and use of security scanning tools [Plan]](https://img.php.cn/upload/article/202602/08/2026020820223270626.jpg)
How to check system vulnerabilities in Linux_Linux installation and use of security scanning tools [Plan]
Feb 08, 2026 pm 08:22 PM
Linux systems need to use third-party tools for security scanning; lynis is suitable for lightweight local auditing, openvas must be deployed with Docker, nmap and nessus cannot be automatically connected, and the effectiveness of scanning depends on credentials, settings and feed updates.
![How to check the kernel version in Linux_Linux query system kernel uname command [Basic]](https://img.php.cn/upload/article/202602/08/2026020819483069387.jpg)
How to check the kernel version in Linux_Linux query system kernel uname command [Basic]
Feb 08, 2026 pm 07:48 PM
uname-r is the most accurate and quick way to obtain the current kernel version number. It only outputs the release field such as 6.1.0-22-amd64, without redundant information, which is convenient for script parsing; other commands such as uname-v, uname-a or /proc/version have their own uses but are not specifically used for version extraction.
![How to check the MAC address of the network card in Linux_Linux obtains the physical network card information [Notes]](https://img.php.cn/upload/article/202602/08/2026020820250847002.jpg)
How to check the MAC address of the network card in Linux_Linux obtains the physical network card information [Notes]
Feb 08, 2026 pm 08:25 PM
The most reliable way is to use the iplinkshow command, because it is compatible with old and new kernels, has clear output, and does not confuse virtual interfaces; the MAC address is located after the link/ether line and can be accurately extracted with grep.
How to diagnose mysql query performance bottleneck_mysql performance analysis method
Feb 08, 2026 am 09:45 AM
Slow query optimization requires four layers of troubleshooting: "Log → Execution Plan → System Indicators → Configure Hardware": first open slow_query_log to capture queries that exceed 1 second; then use EXPLAIN to analyze type, key, rows and Extra; then check sar, buffer pool hit rate, lock wait and number of connections; finally examine innodb_flush_method, redolog size, large field storage and network architecture.
![How to install the GCC compiler on Linux_Essential environment for Linux source code compilation [Tutorial]](https://img.php.cn/upload/article/202602/08/2026020820281635667.jpg)
How to install the GCC compiler on Linux_Essential environment for Linux source code compilation [Tutorial]
Feb 08, 2026 pm 08:28 PM
Using sudoaptinstallbuild-essential is the fastest under Ubuntu/Debian. It automatically installs gcc, g, make, libc6-dev, etc.; only installing gcc will report an error that stdio.h does not exist due to a missing header file.
Ultimate solution to ZAP installation failure: Why you must install JDK and not just JRE
Feb 08, 2026 am 11:15 AM
When ZAP (ZedAttackProxy) is installed, it prompts "Java 64-bit file not found." The root cause is not that Java is not installed, but that the JRE that only contains the running environment is mistakenly installed; ZAP actually relies on JDK11 (such as JDK21) because it requires the use of development components such as compilers and debugging tools.
