2.4. Enabling SELinux on systems that previously had it disabled
When you enable SELinux on systems that previously had it disabled, to avoid problems, such as systems unable to boot or process failures, follow this procedure:
- Enable SELinux in permissive mode. For more information, see Changing to permissive mode.
Restart your system:
- Check for SELinux denial messages.For more information, see Identifying SELinux denials.
- If there are no denials, switch to enforcing mode. For more information, see Changing SELinux modes at boot time.
After the system restarts, confirm that the
$ getenforce Enforcing
To run custom applications with SELinux in enforcing mode, choose one of the following scenarios:
Run your application in the
- Write a new policy for your application. See the Writing a custom SELinux policy section for more information.
- SELinux states and modes section covers temporary changes in modes.