50.2.12. Useful Commands for Scripts

The following is a list of useful commands introduced with SELinux, and which you may find useful when writing scripts to help administer your system:
getenforce
This command returns the enforcing status of SELinux.
setenforce [ Enforcing | Permissive | 1 | 0 ]
This command controls the enforcing mode of SELinux. The option 1 or Enforcing tells SELinux to enter enforcing mode. The option 0 or Permissive tells SELinux to enter passive mode. Access violations are still logged, but not prevented.
selinuxenabled
This command exits with a status of 0 if SELinux is enabled, and 1 if SELinux is disabled.
~]# selinuxenabled
~]# echo $?
0
getsebool [-a] [boolean_name]
This command shows the status of all booleans (-a) or a specific boolean (<boolean_name>).
setsebool [-P] <boolean_name> value | bool1=val1 bool2=val2 ...
This command sets one or more boolean values. The -P option makes the changes persistent across reboots.
togglesebool boolean ...
This command toggles the setting of one or more booleans. This effects boolean settings in memory only; changes are not persistent across reboots.