FreeKB - Modes (enforcing permissive disabled)
SELinux - Modes (enforcing permissive disabled)

SELinux has 3 modes.

  • Enforcing
  • Disabled
  • Permissive (running but not enforcing)

 

The sestatus command can be used to determine if SELinux is enforcing, permissive, or disabled.


Temporary change

Setenforce Permissive or Setenforce Enforcing can be used to temporarily change the SELinux enforcing policy. If the machine is rebooted, the machine will return to the default SELinux policy. The setenforce command updates the /sys/fs/selinux/enforce file to have a 0 (permissive) or a 1 (enforcing).

~]# setenforce Permissive
~]# setenforce Enforcing

 

Or, the setenforce 0 command can be used to temporarily set SELinux to permissive for the entire system, or setenforce 1 for enforcing.

~]# setenforce 0
~]# setenforce 1

 

The policy can also be modified for a single daemon.

~]# setenforce 0 daemon_name
~]# setenforce 1 daemon_name

 


Permanent change

Selinux can permanently be set to enabling, permissive, or disabled for all daemons by editing the /etc/selinux/config file.

SELINUX=enforcing

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter e2c9a in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |