Lesson 9.4: Set enforcing and permissive modes for SELinux
Modes of SELinux
- Enforcing
- Permissive
- Disabled
Changing SELinux Modes at Boot Time
On boot, you can set several kernel parameters to change the way SELinux runs:
- enforcing=1 : Setting this parameter causes the machine to boot in enforcing mode.
- enforcing=0 : Setting this parameter causes the machine to boot in permissive mode, which is useful when troubleshooting issues.
- selinux=0 : This parameter causes the kernel to not load any part of the SELinux infrastructure.
Viewing the current mode of SELinux
[root@server ~]# getenforce Enforcing
Disabling SELinux
# Temporary Disabling [root@server ~]# setenforce 0 [root@server ~]# getenforce Permissive # Permanent Disabling [root@server ~]# vim /etc/sysconfig/selinux SELINUX=disabled # Change to required # Reboot the system to apply changes [root@server ~]# reboot
Enabling SELinux
# When the SELinux is set to disabled [root@server ~]# getenforce Disabled # Modify the configuration file [root@server ~]# vim /etc/sysconfig/selinux SELINUX=enforcing # Change to enforcing [root@server ~]# touch /.autorelabel [root@server ~]# reboot