Red Hat Training

A Red Hat training course is available for RHEL 8

2.4. Enabling SELinux on systems that previously had it disabled

When you enable SELinux on systems that previously had it disabled, to avoid problems, such as systems unable to boot or process failures, follow this procedure:

Procedure

  1. Enable SELinux in permissive mode. For more information, see Changing to permissive mode.
  2. Restart your system:

    # reboot
  3. Check for SELinux denial messages.For more information, see Identifying SELinux denials.
  4. If there are no denials, switch to enforcing mode. For more information, see Changing SELinux modes at boot time.

Verification

  1. After the system restarts, confirm that the getenforce command returns Enforcing:

    $ getenforce
    Enforcing
注記

To run custom applications with SELinux in enforcing mode, choose one of the following scenarios:

  • Run your application in the unconfined_service_t domain.
  • Write a new policy for your application. See the Writing a custom SELinux policy section for more information.

Additional resources