SELinux, which stands for Security Enhanced Linux, is an extra layer of security control built for Linux systems. SELinux has three possible modes in which it can be running. Depending on which mode it’s in will determine the behavior of SELinux. In this tutorial, we’ll show you how to check the SELinux operational mode.
In this tutorial you will learn:
- How to check SELinux operational mode
|Category||Requirements, Conventions or Software Version Used|
|System||Any Linux distro that uses SELinux|
|Other||Privileged access to your Linux system as root or via the
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of
$ – requires given linux commands to be executed as a regular non-privileged user
How to Check SELinux Operational Mode
SELinux has three possible modes that you could see when running the command. They are:
- Enforcing – SELinux is active and enforcing its policy rules.
- Permissive – SELinux permits every thing, but logs the events it would normally deny in enforcing mode.
- Disabled – SELinux is not enforcing rules or logging anything.
- The first way to check the current status of SELinux at any time is by executing the
On our test system, the screenshot above indicates that the “current mode” of SELinux is enforcing.
- An even easier way to quickly check the status is with the
getenforcecommand, which will only output the current mode of SELinux and nothing else.
$ getenforce Enforcing
And in the screenshot above, SELinux indicates that it has been disabled. That’s because we already changed the SELinux operational mode between screenshots.
Knowing the commands covered in this guide is very important if you plan to run SELinux on your system. You will find yourself verifying that SELinux is in the proper mode at least every once in a while. There may come a time when you need to switch it between enforcing and permissive, especially if you find that SELinux is interfering with the operating of some applications on your system.