Monday 13 June 2011

Set enforcing and permissive modes for SELinux

You can check the current SELinux status with:
getenforce
You can also look at /etc/selinux/config, which tells you the mode that is set at boot time. This is not necessarily the current SELinux mode, because you can turn enforcement off on the fly by issuing the following command:
echo 0 >/selinux/enforce
or this command:
setenforce 0
Similarly, you can switch it back on with:
echo 1 >/selinux/enforce
or this command:
setenforce 1
Now for the objective itself. You'll need to set the appropriate value on the SELINUX= line in the /etc/selinux/config file. So for enforcing mode, you'll have:
SELINUX=enforcing
and for permissive you'll have:
SELINUX=permissive
In development/test, permissive mode should be used so that you can diagnose and fix failures; in production you should use enforcing.
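
Because the mode in /etc/selinux/config and the mode reported by getenforce can differ, a drift check between the two is useful on production hosts. The script below is an added example, not part of the original post; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect drift between the boot-time SELinux mode in the
# config file and the runtime mode reported by getenforce.

# Print the mode from the first uncommented SELINUX= line of file $1.
# (Taking the first match is an assumption of this example.)
config_mode() {
    sed -n 's/^SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" 2>/dev/null |
        head -n 1 | tr '[:upper:]' '[:lower:]'
}

# check_drift BOOT_MODE RUNTIME_MODE
# Returns 0 when they agree, 1 on drift, 2 when the config value is invalid.
check_drift() {
    boot=$1
    live=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case $boot in
        enforcing|permissive|disabled) ;;
        *) echo "UNKNOWN: no valid SELINUX= value found"; return 2 ;;
    esac
    if [ "$boot" = "$live" ]; then
        echo "OK: runtime and boot-time mode are both $boot"
        return 0
    fi
    echo "DRIFT: runtime is $live, but the config sets $boot for the next boot"
    return 1
}

# Check the real host: needs getenforce and /etc/selinux/config.
live_check() {
    check_drift "$(config_mode /etc/selinux/config)" "$(getenforce)"
}

# Demo on a constructed sample config, so this runs without SELinux installed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX= can take one of: enforcing, permissive, disabled
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
# Simulates a host where someone ran "setenforce 0" after boot.
check_drift "$(config_mode "$sample")" "Permissive" || true
check_drift "$(config_mode "$sample")" "Enforcing" || true
rm -f "$sample"
```

On a real host, call live_check from cron or a monitoring agent and alert on a non-zero exit status.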
