How to control SELinux in CentOS 7

SELinux – when installed – can take on one of three modes:

  • Enforcing
  • Permissive
  • Disabled

To check which mode SELinux is running on, we can use either sestatus for a more detailed output, or simply getenforce for a one liner:

getenforce on the other hand will literally just say a single word, like “Enforcing”.

To change this mode, edit /etc/selinux/config:

Change the file according to the comments and restart the system for the changes to take effect.

setenforce command

If SELinux is running and either set to Enforcing or Permissive, you can change its mode on the fly without restarting the server using the setenforce command like so:

You won’t get any feedback if all goes well. Note that if SELinux is disabled, the setenforce command won’t work.

setenforce is practical if you’d like to change the SELinux policy only temporary and your settings will not be retained. So the next time you restart the server, SELinux will come back with whatever is set in /etc/selinux/config.

Find out more about SELinux and what it’s good for here:

  • https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part-1-basic-concepts
  • http://wiki.centos.org/HowTos/SELinux

Jay is the CEO and founder of WP Hosting, a boutique style managed WordPress hosting and support service. He has been working with Plesk since version 9 and is a qualified Parallels Automation Professional. In his spare time he likes to develop iOS apps and WordPress plugins, or draw on tablet devices. He blogs about his coding journey at http://wpguru.co.uk and http://pinkstone.co.uk.

One thought on “How to control SELinux in CentOS 7

Add your voice!