How To Change SELinux Mode

How To Change SELinux Mode

 

According to the official website of SELinux, “SELinux is a security enhancement to Linux which allows users and administrators more control over access control.”

For more information, visit https://selinuxproject.org/page/Main_Page

So SELinux is used to make a Linux system more secure than it already is by controlling access with special filesystem permissions. In this article you will learn how to change SELinux mode.

If your operating system has SELinux installed already and enabled, then as a newbie, you might face a lot of problems such as permission error on simple tasks. To get rid of this problem, you can change the mode of SELinux.

Let’s see how.

To follow this tutorial, I assume you have

    – A modern Linux operating system with SELinux installed such as CentOS 7 or RHEL 7.

    – Basic understanding of Linux command line.

 

THE MODES OF SELINUX:

So SELinux has 3 modes.

  1. disabled: In this mode, SELinux is disabled.
  2. permissive: In this mode, SELinux logs the error only on violation of SELinux permission.
  3. enforcing: In this mode, SELinux prevents access to the resources on permission violation.

 

WHICH MODE SHOULD I USE:

If you don’t like SELinux and think it’s a trouble. Then “disabled” is the mode you’re looking for.

If you like to run SELinux but don’t want it to restrict access to the resources, then “permissive” mode is for you.

If you want a super secure system, then “enforcing” mode is for you.

 

CHECK WHAT MODE YOU’RE ON:

To check the current mode of your SELinux installation, run the following command.

$ getenforce

getenforce

You can see from the output that, my current mode is “Enforcing”.

 

CHANGING THE MODE OF SELINUX:

To change the SELinux mode, open the SELinux configuration file with the following command.

$ sudo vim /etc/selinux/config

CHANGING THE MODE OF SELINUX

You can see “SELINUX=enforcing” line on the top of this file.

Change is to either “permissive” or “disabled” and save the file.

I am changing it to “permissive”.

permissive

Now reboot your system with the following command.

$ sudo shutdown -r now

Once your system boots up, you can check your current mode with the following command.

$ getenforce

You should see that your change took effect.

That’s how you change the mode of SELinux.