How To Enable SELinux

SELinux SELinux

If you’re using RedHat or CentOS Linux distros (or sporting a Fedora Linux desktop), you probably have SELinux enabled by default. But if it’s been disabled for some reason and you want it back – here’s how you can enable SELinux in your Linux system.

Confirm current SELinux mode

Run the getenforce command to confirm that SELinux is actually disabled:

[[email protected] ~]# getenforce

Check SElinux status with sestatus

sestatus normally shows verbose SElinux status information, but if SELinux is disabled, you’ll only get one line of output, like this:

[email protected] ~]# sestatus
SELinux status: disabled
[[email protected] ~]#

If sestatus shows that SELinux is disabled, you’ll need to enable it via /etc/selinux.png/config file and reboot the server as shown below.

Permanently Enable SELinux

Do the following two steps to enable SELinux:

  1. Update /etc/selinux/config file (change SELINUX=disabled to SELINUX=enforcing)
  2. Reboot your Linux system (shutdown -r now) Once your server comes back online, run sestatus again to make sure SElinux is enabled now:
[[email protected] ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux.png
SELinux root directory: /etc/selinux.png
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31

See Also

Keep Learning with Me

Follow me on Facebook and Twitter or jump into Telegram chat!:
Recommended Software
I use Brave browser, it's awesome: Brave Browser I'm also a fan of SetApp for macOS: SetApp for macOS
IT Consultancy
I'm a principal consultant with Tech Stack Solutions. I help with cloud architectrure, AWS deployments and automated management of Unix/Linux infrastructure. Get in touch!

Recent Tweets