O'Reilly logo

SELinux System Administration by Sven Vermeulen

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

SELinux on, SELinux off

We can toggle the SELinux state through the /etc/selinux/config file and reboot the system to have the changes being reflected. But this is not the only way.

Switching to permissive (or enforcing) temporarily

On most SELinux enabled systems, we can call the setenforce command to switch the system between permissive (0) and enforcing (1) mode. This takes effect immediately, allowing us to easily identify if SELinux is preventing access or not.

Try it out. Switch to the permissive mode and validate (again using sestatus, that the SELinux state has indeed been changed immediately as follows:

# setenforce 0

The effect of setenforce is the same as writing the value into the /sys/fs/selinux/enforce (or /selinux/enforce) pseudo file: ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required