SELinux — Making it a Little Easier for Web

A SELinux tutorial for your web site and web apps, the easy way — and why you shouldn’t disable SELinux.

If you’ve ever configured a server using a stock CentOS image, then you’ve likely run into SELinux. You might have run into this thing that seemed to block everything you were trying to do, thrown your hands up and decided to Google, “how to disable SELinux”. STOP. Don’t do that.

[You threw your hands up] and decided to Google, “how to disable SELinux”. STOP. Don’t do that.

What is SELinux, and why is it slowing me down?

The “SE” in SELinux stands for “Security-Enhanced” — and for good reason. I could probably write books about all the security aspects of a Linux system that can be managed by SELinux, but the important thing to know is that SELinux is like a watch-dog with nano-level focus on every part of your system in Linux. It prevents unauthorized changes to files and directories and also prevents various protocols like HTTP and SSH from being used by various services and applications unless you explicitly allow that action.

That said, it can seem like kind of a pain to get SELinux to play well with the things you’re trying to use in your CentOS system, and…