Lesson 9.4: Set enforcing and permissive modes for SELinux

Modes of SELinux

  • Enforcing
  • Permissive
  • Disabled

Changing SELinux Modes at Boot Time

On boot, you can set several kernel parameters to change the way SELinux runs:

  • enforcing=1 : Setting this parameter causes the machine to boot in enforcing mode.
  • enforcing=0 : Setting this parameter causes the machine to boot in permissive mode, which is useful when troubleshooting issues.
  • selinux=0 : This parameter causes the kernel to not load any part of the SELinux infrastructure.

Viewing the current mode of SELinux

 
[root@server ~]# getenforce 
Enforcing

Disabling SELinux

 
# Temporary Disabling
[root@server ~]# setenforce 0
[root@server ~]# getenforce 
Permissive
 
# Permanent Disabling
[root@server ~]# vim /etc/sysconfig/selinux 
SELINUX=disabled    # Change to required
 
# Reboot the system to apply changes
[root@server ~]# reboot

Enabling SELinux

 
# When the SELinux is set to disabled
[root@server ~]# getenforce 
Disabled
 
# Modify the configuration file 
[root@server ~]# vim /etc/sysconfig/selinux 
SELINUX=enforcing       # Change to enforcing 
 
[root@server ~]# touch /.autorelabel
[root@server ~]# reboot
All systems normal

© 2025 2023 Sanjeeb KC. All rights reserved.