This page is only designed as a memory refresher. SELinux can be complex to get right; if you are not yet familiar with it, I highly encourage you to read Sven Vermeulen's books.
SELinux state
To detect whether SELinux is enabled or not:
- From a script, `selinuxenabled` doesn’t produce any output and its exit code gives SELinux status.
- From an interactive prompt, `sestatus` provides more information.
The main SELinux configuration file is /etc/selinux/config. It defines:
- `SELINUX=`: SELinux state:
  - `enforcing`: Enabled and blocks unauthorized actions (policy violations).
  - `permissive`: Enabled, but only logs unauthorized actions and does not block them (useful for development and HIDS purposes).
  - `disabled`: SELinux is completely disabled.

  Warning: If SELinux has been temporarily disabled (which is not recommended, there are usually cleaner ways to proceed), a global relabel will be required before re-enabling SELinux.
- `SELINUXTYPE=`: The policy currently in use, available policies depend …
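
A script-side check that combines the two pieces above: the exit code of `selinuxenabled` and the `SELINUX=` / `SELINUXTYPE=` keys of the configuration file. This is an added example, not part of the original page; the function names are hypothetical, and the sample config is constructed, with `targeted` assumed as the policy name.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any SELinux package.

# Print the value of key $1 (SELINUX or SELINUXTYPE) from config file $2.
# Commented-out lines are skipped; this example takes the first assignment.
selinux_cfg_get() {
    sed -n "s/^$1=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p" "$2" | head -n 1
}

# Runtime state from the exit code of selinuxenabled (it prints nothing).
# Prints "unknown" when the tool is not installed.
selinux_runtime() {
    command -v selinuxenabled >/dev/null 2>&1 || { echo unknown; return 0; }
    if selinuxenabled; then echo enabled; else echo disabled; fi
}

# Compare the configured state in file $1 with runtime state $2.
selinux_audit() {
    cfg=$(selinux_cfg_get SELINUX "$1")
    case "$cfg" in
        enforcing|permissive)
            if [ "$2" = disabled ]; then
                # Files created while SELinux was off carry no labels.
                echo "relabel-before-enable: config=$cfg runtime=disabled"
            else
                echo "ok: config=$cfg runtime=$2"
            fi ;;
        disabled)
            echo "warn: config=disabled runtime=$2" ;;
        *)
            echo "error: missing or invalid SELINUX= value '$cfg'"
            return 1 ;;
    esac
}

# Constructed sample config, so the example runs on hosts without SELinux.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX=disabled
SELINUX=permissive
SELINUXTYPE=targeted
EOF
selinux_audit "$sample" "$(selinux_runtime)"
echo "policy type: $(selinux_cfg_get SELINUXTYPE "$sample")"
```

On a real host, pass /etc/selinux/config as the first argument to `selinux_audit` instead of the sample file.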