SELINUX: Set enforcing and permissive modes for SELinux.

Note: This is an RHCSA 7 exam objective.


SELinux stands for Security-Enhanced Linux. It is a way to improve server security.

The /etc/selinux/config file stores the current configuration:

# more /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.

SELinux can run in three different modes (enforcing, permissive and disabled), which are described in the file above.
Besides the mode, there is an SELinux type (targeted, minimum and mls). Unless you work in a military agency, you will never need to change the targeted type.


To get the current SELinux status:

# sestatus

To set enforcing mode, type:

# setenforce enforcing

To make this change permanent, edit the /etc/sysconfig/selinux file (or the /etc/selinux/config file) and replace the following value:


Alternatively, to set permissive mode, type:

# setenforce permissive

To make this change permanent, edit the /etc/sysconfig/selinux file (or the /etc/selinux/config file) and replace the following value:


To make a reboot mandatory before the SELinux configuration can be changed (-P can be added to make the setting persistent, but use it with caution), type:

# setsebool secure_mode_policyload on
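
The permanent mode change described above (editing the SELINUX= line of the configuration file), as an added example that is not part of the original page. The function names and the temporary sample file are assumptions made for illustration; on a real system the target is /etc/selinux/config.

```shell
# Added example: persist an SELinux mode by rewriting the active SELINUX= line.
# Runs against a constructed sample file, never against /etc/selinux/config.
set_selinux_mode() {
    # usage: set_selinux_mode <config-file> <enforcing|permissive|disabled>
    cfg=$1; mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if grep -q '^SELINUX=' "$cfg"; then
        # Rewrite only the active setting; comments and SELINUXTYPE= are kept.
        sed "s/^SELINUX=.*/SELINUX=$mode/" "$cfg" > "$tmp"
    else
        # No active setting in the file: keep its content and append one.
        { cat "$cfg"; echo "SELINUX=$mode"; } > "$tmp"
    fi
    # Write through the existing path instead of renaming over it: on RHEL 7
    # /etc/sysconfig/selinux is a symlink to /etc/selinux/config, and replacing
    # the link with a regular file would leave the real config unchanged.
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

get_selinux_mode() {
    # Print the value of the last active SELINUX= line.
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

make_sample_config() {
    # Constructed sample mirroring the layout of the file shown above.
    cat > "$1" <<'EOF'
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
SELINUX=permissive
SELINUXTYPE=targeted
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample_config "$d/config"
    ln -s config "$d/selinux"          # stands in for /etc/sysconfig/selinux
    set_selinux_mode "$d/selinux" enforcing
    get_selinux_mode "$d/config"       # the real file, reached via the link
    rm -rf "$d"
}
demo
```

The file only determines the mode at the next boot; setenforce changes the running mode.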

I would like to ask the following because I have searched the web for a long time but I can’t find info.
How can I find which types of context can be accessed by the httpd_t domain, for example?
Of course, I don't mean those under /var/www.
Thanks in advance, and I am sorry for so many questions.


If in the exam, I am asked to set SELinux to enforcing, can I do it at the end? How will it affect my other configurations?
