50.2.6. Enabling or Disabling Enforcement
Use the setenforce command to change between permissive and enforcing modes at runtime. Use setenforce 0 to enter permissive mode; use setenforce 1 to enter enforcing mode.
The sestatus command displays the current mode and the mode from the configuration file referenced during boot:
~]# sestatus | grep -i mode
Current mode: permissive
Mode from config file: permissive
~]# setenforce 1
~]# sestatus | grep -i mode
Current mode: enforcing
Mode from config file: permissive
When troubleshooting the named daemon and SELinux, you can turn off enforcing for just that daemon.
Use the getsebool command to get the current status of the boolean:
~]# getsebool named_disable_trans
named_disable_trans --> off
~]# setsebool named_disable_trans 1
~]# getsebool named_disable_trans
named_disable_trans --> on
Note
Use the -P option to make the change persistent across reboots.
~]# getsebool -a | grep disable.*on
httpd_disable_trans=1
mysqld_disable_trans=1
ntpd_disable_trans=1
To set several booleans at once, list them in a single setsebool command:
setsebool -P httpd_disable_trans=1 mysqld_disable_trans=1 ntpd_disable_trans=1
Use togglesebool <boolean_name> to change the value of a specific boolean:
~]# getsebool httpd_disable_trans
httpd_disable_trans --> off
~]# togglesebool httpd_disable_trans
httpd_disable_trans: active
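An added example (not part of the original documentation): a shell script that audits the two conditions shown above, a runtime mode that differs from the mode in the boot-time configuration file, and *_disable_trans booleans that are switched on. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weakened SELinux enforcement from captured command output.

# Reads `sestatus` output on stdin and prints "<current> <config>".
# Exit status: 0 = modes match, 1 = they differ, 2 = a mode line is missing.
mode_drift() {
    awk -F': *' '
        { sub(/[ \t]+$/, "") }                  # drop trailing whitespace
        /^Current mode:/          { cur = $2 }
        /^Mode from config file:/ { cfg = $2 }
        END {
            printf "%s %s\n", cur, cfg
            if (cur == "" || cfg == "") exit 2
            exit ((cur == cfg) ? 0 : 1)
        }'
}

# Reads `getsebool -a` output on stdin and prints each daemon whose
# <daemon>_disable_trans boolean is on. Accepts both "--> on" and "=1" forms.
unconfined_daemons() {
    sed -n -e 's/^\([A-Za-z0-9_]*\)_disable_trans --> on[[:space:]]*$/\1/p' \
           -e 's/^\([A-Za-z0-9_]*\)_disable_trans=1[[:space:]]*$/\1/p'
}

# audit "<sestatus output>" "<getsebool -a output>": one line per finding, then a count.
audit() {
    findings=0
    modes=$(printf '%s\n' "$1" | mode_drift) || {
        echo "FINDING: runtime and config-file modes differ or are unreadable ($modes)"
        findings=$((findings + 1))
    }
    for d in $(printf '%s\n' "$2" | unconfined_daemons); do
        echo "FINDING: $d has its domain transition disabled"
        findings=$((findings + 1))
    done
    echo "findings=$findings"
}

# Constructed sample input in the formats shown on this page.
SAMPLE_SESTATUS='Current mode: enforcing
Mode from config file: permissive'
SAMPLE_BOOLEANS='httpd_disable_trans=1
named_disable_trans --> on
ntpd_disable_trans --> off
allow_ypbind --> on'

audit "$SAMPLE_SESTATUS" "$SAMPLE_BOOLEANS"
# On a live system: audit "$(sestatus)" "$(getsebool -a)"
```

A mode mismatch means the next reboot will silently revert whatever setenforce changed, which is worth catching in either direction.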
Use the following procedure to change a runtime boolean using the GUI.
Note
- On the menu, point to and then click to display the Security Level Configuration dialog box.
- Click the SELinux tab, and then click Modify SELinux Policy.
- In the selection list, click the arrow next to the Name Service entry, and select the Disable SELinux protection for named daemon check box.
- Click to apply the change. Note that it may take a short time for the policy to be reloaded.

Figure 50.1. Using the Security Level Configuration dialog box to change a runtime boolean.
See also the setenforce(1), getenforce(1), and selinuxenabled(1) commands.