Setting SELinux Modes

SELinux runs in one of three modes:

Disabled

The kernel uses only DAC rules for access control. SELinux doesn't enforce any security policy because no policy is loaded into the kernel.

Enforcing

The kernel denies access to users and programs if they aren't granted permissions by SELinux security policy rules. All denial messages are logged as AVC (Access Vector Cache) denials. This is the default mode that enforces SELinux security policy.

Permissive

The kernel doesn't enforce security policy rules but SELinux sends denial messages to a log file. In this manner, you can see what actions would have been denied if SELinux were running in enforcing mode. This mode is intended to be used for diagnosing the behavior of SELinux.

To display the current SELinux mode:

getenforce

To set the current mode to Enforcing:

sudo setenforce enforcing

To set the current mode to Permissive:

sudo setenforce permissive

The current value that you set for a mode using setenforce doesn't persist across reboots. To configure the default SELinux mode, edit the configuration file for SELinux, /etc/selinux/config, and set the value of the SELINUX directive to disabled, enforcing, or permissive.
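Because a mode set with setenforce and the SELINUX directive in /etc/selinux/config can disagree until the next reboot, a quick check for that drift is useful after troubleshooting in permissive mode. The following script is an added example, not part of the original page; the function names configured_mode and compare_modes and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the running SELinux mode with the persistent
# mode set by the SELINUX directive in /etc/selinux/config.

# Print the value of the SELINUX directive, lower-cased.
# $1: config file path (defaults to /etc/selinux/config).
# Comment lines and the separate SELINUXTYPE directive are ignored;
# if the directive appears more than once, the last one is reported.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([[:alpha:]]*\).*/\1/p' \
        "${1:-/etc/selinux/config}" 2>/dev/null |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Print "match" if the running mode equals the configured mode, else "drift".
# $1: running mode as printed by getenforce (e.g. "Enforcing")
# $2: configured mode as printed by configured_mode (e.g. "enforcing")
compare_modes() {
    running_lc=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    if [ "$running_lc" = "$2" ]; then
        echo match
    else
        echo drift
    fi
}

if command -v getenforce >/dev/null 2>&1; then
    # Real system: read the live mode and the real config file.
    running=$(getenforce 2>/dev/null || echo unknown)
    configured=$(configured_mode)
else
    # No SELinux tools here: fall back to a constructed sample so the
    # script still demonstrates the check.
    sample=$(mktemp)
    printf '%s\n' '# constructed sample config' \
        'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$sample"
    running=Permissive   # constructed: as if "setenforce permissive" was run
    configured=$(configured_mode "$sample")
    rm -f "$sample"
fi

echo "running=$running configured=${configured:-unset}:" \
    "$(compare_modes "$running" "$configured")"
```

A result of drift means the running mode will revert to the configured value at the next reboot.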