Once we have a working SELinux system, we can choose how to use it:
- SELinux can operate in two different ways: Enforcing and Permissive.
- Let's check the current mode by using the getenforce command:
As we can see, SELinux is currently working in Permissive mode.
- Now, if we wish to toggle the mode, we can use the setenforce command:
When we run the preceding command with option 1, the mode changes to Enforcing.
- If we want to toggle back to Permissive mode, we can again use the setenforce command with option 0:
Now, the mode has changed back to Permissive.
- This change will not survive system reboot. If we want to change the mode permanently, we have to edit the /etc/selinux/config file and change the SELinux variable to what we want: enforcing, permissive or disabled.
- Whenever an application is misbehaving or not working as expected, as part of the troubleshooting, we should try toggling between SELinux modes (from Enforcing to Permissive, or vice versa). This will help us understand if the application works after changing to Permissive mode or not. If it does, then we know that it's an SElinux permission issue.