We can change the SELinux modes from enforcing to permissive and vice versa during runtime by using the setenforce command. Before and after changing the SELinux mode, we must ensure the current mode by using the getenforce command.
SELinux can either be in an enabled or a disabled state. In order to check in which state it is running, we can make use of the getenforce command. There are two modes in which SELinux runs:
- Enforcing: This is the enabled state where all rules are applied.
- Permissive: In this state, SELinux will not deny any access; however, denials are logged.
setenforce Command Examples
1. To modify the SELinux mode to Enforcing:
# setenforce Enforcing # setenforce 1
2. To modify the SELinux mode to Enforcing:
# setenforce Permissive # setenforce 0
3. To see the help:
# setenforce --help
4. To display the current SELinux mode, use the following command:
# getenforce
5. To view detailed SELinux information, use the following command:
# sestatus
Conclusion
We can easily switch states between enforcing and permissive with the help of the setenforce command. To change to a permissive state, we use the setenforce 0 command, and to switch back to enforcing, we use the setenforce 1 command. However, the changes will not persist through reboots. In such a case, we can directly edit the configuration file located at /etc/selinux/config.