• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

What are SELinux Modes and how to set them

By admin

SELinux Modes

SELinux runs in one of three modes (or states).

Enforcing

This is the default state that enforces SELinux security policy. Access is denied to users and programs unless permitted by SELinux security policy rules. All denial messages are logged as AVC (Access Vector Cache) Denials.

Permissive

This is a diagnostic state. The security policy rules are not enforced, but SELinux sends denial messages to a log file. This allows you to see what would have been denied if SELinux were running in enforcing mode.

Disabled

SELinux does not enforce a security policy because no policy is loaded in the kernel. Only DAC rules are used for access control.

Setting SELinux Modes

There are multiple ways of setting the SELinux mode. One way is to select the mode from the Status view in the SELinux GUI. You can also edit the main configuration file for SELinux, /etc/selinux/config. Set the mode by changing the SELINUX directive in this file. For example, to set the mode to enforcing:

# vim /etc/selinux/config
SELINUX=enforcing

The setenforce command is used to change between enforcing and permissive modes. Changes made with this command do not persist across reboots. To change to enforcing mode:

# setenforce 1

To change to permissive mode:

# setenforce 0

Display SELinux Mode

Use the getenforce command to view the current SELinux mode:

# getenforce 
Enforcing
Beginners Guide to SELinux
How to Disable or set SELinux to Permissive mode
How to Check whether SELinux is Enabled or Disabled
How to enable/disable SELinux Modes in RHEL/CentOS
Understanding SELinux Policies in Linux

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. CentOS / RHEL : How to remove used Physical Volume(PV) from Volume Group (VG) in LVM
  2. How to monitor the status of dm-multipathing and multipath devices (path groups) in Linux
  3. CentOS / RHEL 7 : How to Create and Remove the LVM Mirrors Using lvconvert
  4. How to Check if a Service Restart or Server Reboot is required After RPM Package Update (CentOS/RHEL/Fedora)
  5. How to recover deleted Logical volume (LV) in LVM using vgcfgrestore
  6. CentOS / RHEL : How to create new LVM based swap partition
  7. CentOS / RHEL : Configure yum automatic updates with yum-cron service
  8. How to create partitions inside loopback device
  9. CentOS / RHEL : Converting an Existing Root Filesystem to LVM Partition
  10. CentOS / RHEL : How to delete LVM volume

You May Also Like

Primary Sidebar

Recent Posts

  • How to set the default character set in MySQL and how to propagate it in a master-master replication scenario
  • “Connection reset by peer” – error while ssh into a CentOS/RHEL system with a specific user only
  • MySQL: how to figure out which session holds which table level or global read locks
  • Recommended Configuration of the MySQL Performance Schema
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary