SELinux is a set of security rules that determine which processes can access which files, directories and ports. A primary goal of SELinux is to protect user data from system services that have been compromised.
SELinux Modes
- Enforcing Mode
- Permissive Mode
- Disabled Mode
Permissive Mode: Permissive mode is used to troubleshoot issues. In permissive mode, SELinux allows all interactions, even if there is no explicit rule. This mode can be used to temporarily allow access to the content that SELinux is restricting.
Disabled Mode: In this mode, SELinux is completely disabled.
How to check current SELinux mode
The getenforce command is used to check the current SELinux mode.
Changing current SELinux mode
The setenforce command modifies the current SELinux mode.
setenforce 0 or 1
0 means Permissive mode and 1 means Enforcing mode.
Setting the Default SELinux mode
The configuration file that determines the SELinux mode at boot time is /etc/selinux/config. In this configuration file you will see SELINUX=enforcing. Change the line to SELINUX=permissive if you want the system to boot in Permissive mode.
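The running mode and the boot-time setting can disagree, for example when permissive mode was switched on for troubleshooting and never switched back. The script below is an added example, not part of the original page: it compares the two and reports the difference. The function names configured_mode and mode_drift, the result labels and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the running SELinux mode with the boot-time setting.

# Print the SELINUX= value from a config file, lowercased.
# Comment lines and SELINUXTYPE= do not match the pattern.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Classify a (runtime, configured) pair; runtime is the output of getenforce.
mode_drift() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    configured=$2
    case "$configured" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid-config"; return 0 ;;
    esac
    if [ "$runtime" = "$configured" ]; then
        echo "consistent"
    elif [ "$runtime" = "permissive" ] && [ "$configured" = "enforcing" ]; then
        echo "temporary-permissive"   # changed with setenforce; reverts at reboot
    elif [ "$runtime" = "enforcing" ] && [ "$configured" = "permissive" ]; then
        echo "temporary-enforcing"    # changed with setenforce; reverts at reboot
    else
        echo "reboot-pending"         # moving to or from disabled needs a reboot
    fi
}

# Constructed sample of /etc/selinux/config (not taken from a real host).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# SELINUX= can take one of: enforcing, permissive, disabled
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
echo "sample, runtime Permissive: $(mode_drift Permissive "$(configured_mode "$sample")")"

# On a real host, use the live values when the tools are present.
if command -v getenforce >/dev/null 2>&1 && [ -r /etc/selinux/config ]; then
    echo "this host: $(mode_drift "$(getenforce)" "$(configured_mode /etc/selinux/config)")"
fi
```

A result of temporary-permissive on a production host is worth following up, since policy violations are only being logged until someone returns the system to enforcing mode or reboots it.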
Conclusion:
- Policy rules are obeyed and violations logged: Enforcing Mode
- Policy rule violations only produce log messages: Permissive Mode
- A reboot is required to transition to this mode: Disabled Mode
- Label on processes, files, and ports that determine access: Context