When you do configure system in linux centos or redhat, it’s have the SElinux that are provided the critical security purpose for the system. The Selinux will be permit or denying access to files or other content significantly more than the user permissions. For the example if you configure the http web server with custom directory, it must be defined in SElinux so that those directory can be access for http content. If not defined in SElinux, then SElinux will be denying those directory access and many more.
SElinux has three mode :
- Enforcing : This mode is active and and will be enforcing access control rules. The default system use this mode.
- Permissive : This mode is active but instead of enforcing access control rules. It will record warnings for rules that are have violatile. This mode usually using for testing and troubleshooting.
- Disable : SElinux mode will be disable and it no record the warnings anything rules.
For check the selinux mode you can use getenforce command.
For practice change selinux mode, use setenforce command.
# setenforce SelinuxMode
But that no persistent configuration. When the system reboot it will back to preceding configuration. For do change persistent configuration SElinux mode, you must configure in /etc/selinux/config .
For Example the default selinux mode is Enforcing, then you will changes the default mode with Permissive .
# vim /etc/selinux/config
Changes SELINUX config with Permissive.
Save configuration and then reboot your system
# systemctl reboot
After reboot, check the SELinux status.
The changes of SElinux configuration has been persistent when system rebooted or when system power on.