Disable SELinux Permanently


SELinux canĀ  be disabled temporarily and permanently based on our requirement.

Here I will show how to disable SELinnux temporarily and permanently.

To Disable SELinux Temporarily:

Login as root and run following command

$ setenforce 0

By default SELinux is enabled if it’s installed.

If we run setenforce 0 command SELinux will disabled until next reboot.

To Disable SELinux permanently:

To disable SELinux permanently we need to update file /etc/sysconfig/selinux.

Default configurations in /etc/sysconfig/selinux looks like below after disabling SELinux:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.

The only line we modify in above config is SELINUX=disabled. This configuration will disable SELinux on boot.



(13)Permission denied: proxy: HTTP: attempt to connect to (localhost) failed

(13)Permission denied: proxy: HTTP: attempt to connect to (localhost) failed – this error is because of httpd/apache2 has been denied permission to connect to IP address and port.

Main reason for this error is SELinux. Here SELinux notĀ permitting httpd/apache2 to make network connections.

To resolve it, you need to change an SELinux boolean value (which will automatically persist across reboots). You may also required to restart httpd/apache2 to reset the proxy worker, although this isn’t strictly required.

Run either of following command to allow SELinux to permit httpd/apache2 to make network connections:

$ /usr/sbin/setsebool httpd_can_network_connect 1


$ /usr/sbin/setsebool httpd_can_network_connect true

Then restart httpd/apache2.