Lesson 9.4: Set enforcing and permissive modes for SELinux


Modes of SELinux

  • Enforcing
  • Permissive
  • Disabled

Changing SELinux Modes at Boot Time

On boot, you can set several kernel parameters to change the way SELinux runs:

  • enforcing=1 : Setting this parameter causes the machine to boot in enforcing mode.
  • enforcing=0 : Setting this parameter causes the machine to boot in permissive mode, which is useful when troubleshooting issues.
  • selinux=0 : This parameter causes the kernel to not load any part of the SELinux infrastructure.

Viewing the current mode of SELinux

[root@server ~]# getenforce Enforcing

Disabling SELinux

# Temporary Disabling [root@server ~]# setenforce 0 [root@server ~]# getenforce Permissive # Permanent Disabling [root@server ~]# vim /etc/sysconfig/selinux SELINUX=disabled # Change to required # Reboot the system to apply changes [root@server ~]# reboot

Enabling SELinux

# When the SELinux is set to disabled [root@server ~]# getenforce Disabled # Modify the configuration file [root@server ~]# vim /etc/sysconfig/selinux SELINUX=enforcing # Change to enforcing [root@server ~]# touch /.autorelabel [root@server ~]# reboot
All systems normal

© 2025 2023 Sanjeeb KC. All rights reserved.