How to Change SELinux modes

Written by A.Jesin Monday, 2 May 2011 09:40

SELinux (Security-Enhanced Linux) is a feature of Linux operating systems that hardens your system against security holes, even if you accidentally chmod a file or directory to 777. It uses file contexts to determine which type each file belongs to. SELinux operates in several different modes, and in this article I'll show you how to switch between these modes temporarily or permanently. I'll also show you how to disable SELinux completely, but be warned: do not do this unless you know what you're doing.

SELinux modes

Enforcing – This is the default mode. All SELinux contexts and policies are enforced, and policy violations are both blocked and logged.

Permissive – This mode can be used for debugging. The policy is not enforced, but policy violations are logged in /var/log/audit/audit.log.

Disabled – SELinux is completely turned off and nothing is logged. This is the most insecure mode.

Changing modes with setenforce

The setenforce command temporarily sets the SELinux mode. The change is lost when the system is restarted, and the previous mode returns.

setenforce 0
Sets the SELinux mode to permissive

setenforce 1
Sets the SELinux mode to enforcing

getenforce
Displays the current SELinux mode

Permanently changing the selinux mode

Open the file /etc/selinux/config with a text editor, locate the line

SELINUX=mode

and change it to any of the following:

SELINUX=enforcing
SELINUX=permissive
SELINUX=disabled

The last mode disables SELinux entirely, so use it with caution.
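Because setenforce changes only the running mode and /etc/selinux/config sets the mode used at boot, the two can disagree. The following script is an added example, not part of the original article: it compares the configured mode with the one getenforce reports. The function names, verdict strings and the embedded sample config are constructed for illustration; pass a real config path as the first argument to check a live system.

```shell
#!/bin/sh
# Added example: detect drift between the persistent and runtime SELinux mode.

# Constructed sample of /etc/selinux/config, used when no file is given.
sample_config() {
    cat <<'EOF'
# SELINUX= can take one of: enforcing, permissive, disabled
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
}

# Print the SELINUX= value (lowercased) from config file $1, or "unknown".
# Commented-out lines and SELINUXTYPE= are not matched by the pattern.
configured_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$mode" in
        enforcing|permissive|disabled) echo "$mode" ;;
        *) echo unknown ;;
    esac
}

# Print the runtime mode from getenforce, or "unknown" if it is not installed.
runtime_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo unknown; fi
}

# Compare configured mode $1 with runtime mode $2 and print a verdict.
compare_modes() {
    run=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ "$1" = unknown ] || [ "$run" = unknown ]; then echo unknown
    elif [ "$1" != "$run" ]; then echo drift      # e.g. setenforce 0 after boot
    elif [ "$run" = enforcing ]; then echo ok
    else echo not-enforcing                        # consistent, but nothing is blocked
    fi
}

if [ -n "${1:-}" ]; then
    cfg=$(configured_mode "$1")
else
    tmp=$(mktemp); sample_config > "$tmp"; cfg=$(configured_mode "$tmp"); rm -f "$tmp"
fi
run=$(runtime_mode)
echo "configured=$cfg runtime=$run verdict=$(compare_modes "$cfg" "$run")"
```

A verdict of drift means the running mode will change at the next reboot, which is worth checking after any debugging session that used setenforce 0.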
