SELinux comes with three different types of operational modes which all can by set temporarily using tool setenforce or directly by editing SELinux configuration file.

  • enforcing
  • permissive
  • disabled

SELinux in disabled operational mode does not enforce any security rules or policies as it is simply disable and security checks are done only by traditional Discretionary Access Controls. Permissive mode allows for testing new deployments as in effect it simply behaves like disabled operational mode, however it logs any potentially denied access to a relevant log files thus allowing further testing and troubleshooting before the operational mode is switched to enforcing. Lastly, the enforcing mode all security policy rules a enforced. To change SELinux operaitonal mode from enforcing to permissive and vice versa use setenforce command. Check current operational mode status:

# getenforce 
Permissive

Toggle from permissive to enforcing:

# setenforce 1
# getenforce 
Enforcing

Note, that setenforce mode only accepts Boolean type 0 or 1 and is capable to change only between permissive or enforcing operation mode. To change SELinux operational mode to disabled, the SELinux /etc/selinux/config configuration file needs to be amended by setting SELINUX directive to disabled

SELINUX=disabled

To allow this change to take effect system reboot is required.

Free Linux eBooks

Do you have the right skills?

Our IT Skills Watch page reflects an up to date IT skills demand leaning towards the Linux and Unix environment. We have considered a number of skills and operating systems.

See the result...

Linux Online Training

Learn to run Linux servers and prepare for LPI certification with Linux Academy. 104 available video lessons with PDF course notes with your own server!

Go to top