CentOS: SELinux

SELinux is incredibly valuable as part of an overall Linux system security strategy. To sucessfully provision CentOS on our platform, we have disabled SELinux as shown with the sestatus command.

[[email protected] ~]# sestatus
SELinux status:                 disabled

Should your particular CentOS deployment require SELinux, you can easily enable it, as shown here:

yum install selinux-policy selinux-policy-targeted

Once policy is installed, you will want to simply create a file in the / called .autorelabel. To activate SELinux you must reboot the device.

shutdown -r now

Upon reaccessing the device, verify that SElinux is infact enable by running sestatus and you will see an output similar to the following:

[[email protected] /]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
[[email protected] /]#

NOTE: Should you need to reinstall the OS via our server reinstall feature, you MUST disable SELinux otherwise, the device will fail to reinstall.

To disable simply edit file /etc/selinux/config change enforcing to disabled and reboot the device. Upon reaccessing the device, you can then proceed with the server reinstall feature.

Was it helpful?