• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

What are SELinux Modes and how to set them

by admin

SELinux Modes

SELinux runs in one of three modes (or states).

Enforcing

This is the default state that enforces SELinux security policy. Access is denied to users and programs unless permitted by SELinux security policy rules. All denial messages are logged as AVC (Access Vector Cache) Denials.

Permissive

This is a diagnostic state. The security policy rules are not enforced, but SELinux sends denial messages to a log file. This allows you to see what would have been denied if SELinux were running in enforcing mode.

Disabled

SELinux does not enforce a security policy because no policy is loaded in the kernel. Only DAC rules are used for access control.

Setting SELinux Modes

There are multiple ways of setting the SELinux mode. One way is to select the mode from the Status view in the SELinux GUI. You can also edit the main configuration file for SELinux, /etc/selinux/config. Set the mode by changing the SELINUX directive in this file. For example, to set the mode to enforcing:

# vim /etc/selinux/config
SELINUX=enforcing

The setenforce command is used to change between enforcing and permissive modes. Changes made with this command do not persist across reboots. To change to enforcing mode:

# setenforce 1

To change to permissive mode:

# setenforce 0

Display SELinux Mode

Use the getenforce command to view the current SELinux mode:

# getenforce 
Enforcing
Beginners Guide to SELinux
How to Disable or set SELinux to Permissive mode
How to Check whether SELinux is Enabled or Disabled
How to enable/disable SELinux Modes in RHEL/CentOS
Understanding SELinux Policies in Linux

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. Zenoss Core Installation & Configuration on CentOS/RHEL 6.X
  2. macchanger: command not found
  3. Unable to Start RDMA Services on CentOS/RHEL 7
  4. What does refid value “.LOCL.” mean in NTP
  5. lpr Command Examples in Linux
  6. dockerd: command not found
  7. lrunzip Command Examples in Linux
  8. What are the Types of DNS Servers
  9. CentOS/RHEL: Mount Command Fails With “mount: does not contain SELinux labels”
  10. How to query and modify kernel parameters using sysctl (Immediately and persistently) in CentOS / RHEL

You May Also Like

Primary Sidebar

Recent Posts

  • protonvpn-cli Command Examples in Linux
  • protonvpn-cli connect Command Examples
  • procs Command Examples in Linux
  • prlimit: command not found

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright