SELinux

Resources

Red Hat Docs GitHub Blog Developer Skills

Questions

Why does SELinux allow you to set individual domains to permissive mode while the system is in enforcing mode?

  • Possibly so that you can test a newly added domain without putting it straight into enforcing mode, where its policy would be enforced.

Configuration for selinux settings

/etc/sysconfig/selinux

Modes & Setting modes

Tells you what mode selinux is currently running in

getenforce
  • Enforcing, SELinux is enabled.
  • Permissive, SELinux is running but will not apply any of its permissions. This is useful for debugging and configuration.
  • Disabled, SELinux is not running, not loaded, and will not have any effect on the system. Tools like restorecon do not work in this mode, as the contexts need to be loaded.

To set the mode to permissive, setenforce takes 0 or Permissive as its argument.

setenforce 0
Permissive

To set the mode to enforcing, pass Enforcing or 1.

setenforce 1
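
setenforce changes only the running mode, while the SELINUX= line in /etc/sysconfig/selinux sets the mode applied at boot, so the two can disagree. The script below is an added example, not part of the original notes: it compares the getenforce output with the configured value and flags a mismatch. The function names and result labels (ok, weakened, reverts, unknown) are this example's own.

```shell
#!/bin/sh
# Added example: compare the running SELinux mode with the boot-time config.

# Print the SELINUX= value from a config file, lowercased.
# Comment lines and the separate SELINUXTYPE= key do not match.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Map a mode name to a strictness rank; -1 means "not recognised".
mode_rank() {
    case "$1" in
        enforcing)  echo 2 ;;
        permissive) echo 1 ;;
        disabled)   echo 0 ;;
        *)          echo -1 ;;
    esac
}

# compare_modes RUNTIME CONFIGURED
#   ok       - both agree
#   weakened - runtime is less strict than the config (e.g. a left-over "setenforce 0")
#   reverts  - runtime is stricter than the config; the next boot will loosen it
#   unknown  - one of the values was not recognised
compare_modes() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    r=$(mode_rank "$runtime")
    c=$(mode_rank "$2")
    if [ "$r" -lt 0 ] || [ "$c" -lt 0 ]; then echo unknown
    elif [ "$r" -eq "$c" ]; then echo ok
    elif [ "$r" -lt "$c" ]; then echo weakened
    else echo reverts
    fi
}

# Audit the local host; the config path defaults to the file named in these notes.
selinux_audit() {
    cfg=${1:-/etc/sysconfig/selinux}
    command -v getenforce >/dev/null 2>&1 || { echo "getenforce not found" >&2; return 2; }
    run=$(getenforce)
    conf=$(configured_mode "$cfg")
    result=$(compare_modes "$run" "$conf")
    echo "runtime=$run configured=$conf -> $result"
    [ "$result" = ok ]
}

# Run the audit only when asked, e.g.: sh selinux_check.sh --audit
if [ "${1:-}" = "--audit" ]; then selinux_audit "${2:-}"; fi
```

selinux_audit exits non-zero on any mismatch, so it can be used as a check in a cron job or configuration-management run.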