Setting SELinux Modes

SELinux runs in either enforcing or permissive mode:

enforcing

The kernel denies access to users and programs if they aren't granted permissions by SELinux security policy rules. All denial messages are logged as AVC (Access Vector Cache) denials. This is the default mode.

permissive

The kernel doesn't enforce security policy rules, but SELinux still sends denial messages to a log file. This lets you see which actions would be denied if SELinux were running in enforcing mode. Use this mode to help you implement SELinux in a system effectively.

To display the current SELinux mode, run the following command:

getenforce

To set the current mode to enforcing, run the following command:

sudo setenforce enforcing

To set the current mode to permissive, run the following command:

sudo setenforce permissive

Note:

The value that you set for a mode using setenforce doesn't persist across reboots. To configure the default SELinux mode, edit the SELinux configuration file, /etc/selinux/config, and set the value of the SELINUX directive to enforcing or permissive.
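
Because a setenforce change and the SELINUX directive can disagree until the next reboot, a quick check can compare the two. The following script is an added example, not part of the original documentation; the function names configured_mode and check_mode_drift are hypothetical, and taking the first SELINUX= line as the effective one is an assumption of this example.

```shell
#!/bin/sh
# Added example: report drift between the running SELinux mode and the
# boot-time default set by the SELINUX directive in the config file.

# Print the SELINUX directive's value, lowercased, from the given file.
# Comment lines and the separate SELINUXTYPE directive don't match.
# Assumption: the first SELINUX= line is the effective one.
configured_mode() {
    sed -n 's/^SELINUX=\([A-Za-z]*\).*/\1/p' "$1" \
        | head -n 1 | tr '[:upper:]' '[:lower:]'
}

# Compare a runtime mode (as printed by getenforce) with the config file.
# Returns 0 when they match, 1 on drift, 2 when no directive is found.
check_mode_drift() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    persistent=$(configured_mode "$2")
    if [ -z "$persistent" ]; then
        echo "no SELINUX directive found in $2"
        return 2
    fi
    if [ "$runtime" = "$persistent" ]; then
        echo "ok: runtime mode and boot default are both $persistent"
        return 0
    fi
    echo "drift: runtime=$runtime, boot default=$persistent (runtime value is lost at reboot)"
    return 1
}

# On a live system:
#   check_mode_drift "$(getenforce)" /etc/selinux/config
```

A drift result after a temporary sudo setenforce permissive is a reminder to switch back to enforcing or, if the change is meant to last, to update the SELINUX directive.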