6.5.2 Changing the SELinux Mode
SELinux supports enforcing, permissive, and disabled modes. Enforcing mode is the default. Permissive mode allows operations that are not permitted in enforcing mode and logs those operations to the SELinux audit log. Permissive mode is typically used when developing policies or troubleshooting. In disabled mode, polices are not enforced, and contexts are not applied to system objects, which makes it difficult to enable SELinux later.
To view the current SELinux mode, use the sestatus command mentioned previously or the getenforce utility.
shell> getenforce Enforcing
To change the SELinux mode, use the
shell> setenforce 0 shell> getenforce Permissive
shell> setenforce 1 shell> getenforce Enforcing
Changes made with setenforce are lost when you restart the system. To permanently change the SELinux mode, edit the
/etc/selinux/config file and restart the system.