How to control SELinux in CentOS and Fedora

- by

SELinux – when installed – can take on one of three modes:

  • Enforcing
  • Permissive
  • Disabled

To check which mode SELinux is running on, we can use either sestatus for a more detailed output, or simply getenforce for a one liner:


SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

getenforce on the other hand will literally just say a single word, like “Enforcing”.

To change this mode, edit /etc/selinux/config:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.

Change the file according to the comments and restart the system for the changes to take effect.

setenforce command

If SELinux is running and either set to Enforcing or Permissive, you can change its mode on the fly without restarting the server using the setenforce command like so:

// switch to permissive
setenforce permissive

// switch to enforcing
setenforce enforcing

// disable SELinux
setenforce 0

You won’t get any feedback if all goes well. Note that if SELinux is disabled, the setenforce command won’t work.

setenforce is practical if you’d like to change the SELinux policy only temporary and your settings will not be retained. So the next time you restart the server, SELinux will come back with whatever is set in /etc/selinux/config.

Find out more about SELinux and what it’s good for here:

If you enjoy my content, please consider supporting me on Ko-fi. In return you can browse this whole site witout any pesky ads! More details here.

1 thought on “How to control SELinux in CentOS and Fedora”

Add your voice!

This site uses Akismet to reduce spam. Learn how your comment data is processed.