Switch Off/On SELinux Enforcement

SELinux (Security-Enhanced Linux) is an access control implementation for the Linux kernel. As an administrator, you define rules in user space, and if the Linux kernel has been compiled with SELinux support, the kernel enforces those rules.

  • It is designed to protect the server against misconfigurations and/or compromised daemons.
  • It defines a security policy that limits which files server daemons or programs can access and which actions they can take.

SELinux runs in one of the following modes:

  • enforcing : SELinux security policy is enforced.
  • permissive : SELinux prints warnings instead of enforcing.
  • disabled : SELinux is fully disabled.

1) We can temporarily switch off SELinux enforcement using the following command:

   # echo 0 >/selinux/enforce

Now check that it is set to “permissive” mode using the following command:

   # sestatus
     SELinux status:                 enabled
     SELinuxfs mount:                /selinux
     Current mode:                   permissive
     Mode from config file:          enforcing
     Policy version:                 24
     Policy from config file:        targeted

2) We can temporarily switch on SELinux enforcement using the following command:

   # echo 1 >/selinux/enforce

Now check that it is set to “enforcing” mode using the following command:

   # sestatus
     SELinux status:                 enabled
     SELinuxfs mount:                /selinux
     Current mode:                   enforcing
     Mode from config file:          enforcing
     Policy version:                 24
     Policy from config file:        targeted
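
Writing to /selinux/enforce changes only the running mode, so "Current mode" and "Mode from config file" can disagree, as in the first sestatus listing above. The shell functions below are an added example, not part of the original page, that flag that disagreement from sestatus output read on stdin; the function names and exit codes are assumptions of this example.

```shell
# Added example, not from the original page. Function names and exit codes
# are assumptions of this example.
# Usage on a live host:  sestatus | check_selinux_mode

# Print the value of one "Label:   value" line from sestatus output on stdin.
sestatus_field() {
    awk -F: -v key="$1" '
        { label = $1; sub(/^[ \t]+/, "", label) }
        label == key {
            value = $2
            sub(/^[ \t]+/, "", value); sub(/[ \t\r]+$/, "", value)
            print value; exit
        }'
}

# Return 0 when enforcing at runtime and in the config file, 1 when the
# running mode differs from the configured one or is not enforcing,
# 2 when SELinux is disabled or the output cannot be parsed.
check_selinux_mode() {
    report=$(cat)
    status=$(printf '%s\n' "$report" | sestatus_field "SELinux status")
    current=$(printf '%s\n' "$report" | sestatus_field "Current mode")
    config=$(printf '%s\n' "$report" | sestatus_field "Mode from config file")

    if [ "$status" != "enabled" ] || [ -z "$current" ]; then
        echo "UNKNOWN: SELinux status is ${status:-unparsed}"
        return 2
    fi
    if [ "$current" != "$config" ]; then
        echo "DRIFT: running $current, config file says $config"
        return 1
    fi
    if [ "$current" != "enforcing" ]; then
        echo "WARN: running and configured mode are both $current"
        return 1
    fi
    echo "OK: enforcing at runtime and in config file"
    return 0
}
```

A non-zero exit status makes the check usable from cron or a monitoring agent to alert when a host has been left in permissive mode.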