How to Disable SELinux for Apache on CentOS 6.x


I set up a new development environment using the recently released CentOS v6.1. For various reasons I prefer to switch off SELinux for the Apache Webserver. Coming from CentOS 5.x, I expected to be able to do this via the well known setsebool -P httpd_disable_trans 1. Much to my surprise, SELinux insisted on not knowing that boolean.

After some research, it looks like a change in upstream RHEL means using the semanage helper is now the way to achieve this*:

semanage permissive -a httpd_t

In case you cannot find it: It's in the policycoreutils-python package.

Please keep in mind that this is not a safe setting for production environments.

*) Well, not really. It just sets the mode for the httpd module from enforcing to permissive. I couldn't find a way to disable SELinux selectively without disabling it entirely via SELINUX=0 as kernel param. Still, this will allow you to do what you want.

Update: Looks like SE approves


Why not write new policies for httpds operations?
SE is a good thing.

2011-12-19 10:26 pm


@weadus: I didn't say SELinux were a bad thing. I just want to be able to honor my special needs on my development box. Before this, I often found myself setting all httpd_*-rules to "on" and chcon a lot of directories in my homedir. The method above accomplishes the same with a lot less hassle :)

2011-12-20 3:02 am


THANK YOU! Nobody else's "solutions" seemed to solve this problem. Oddly this only affected one of my directories under /var/www/html, my wordpress folder...

2012-05-23 3:23 am