SELinux supports enforcing, permissive, and disabled modes. Enforcing mode is the default. Permissive mode allows operations that are not permitted in enforcing mode and logs those operations to the SELinux audit log. Permissive mode is typically used when developing policies or troubleshooting. In disabled mode, polices are not enforced, and contexts are not applied to system objects, which makes it difficult to enable SELinux later.
To view the current SELinux mode, use the sestatus command mentioned previously or the getenforce utility.
shell> getenforce Enforcing
To change the SELinux mode, use the
shell> setenforce 0 shell> getenforce Permissive
shell> setenforce 1 shell> getenforce Enforcing
Changes made with setenforce are lost when you
restart the system. To permanently change the SELinux mode, edit
/etc/selinux/config file and restart the