As the name implies, SELinux or Security Enhanced Linux enhances the security of your system. It adds another security layer to your machine by using the Media Access Control mechanism in the Linux kernel.
Suppose there is a file created by the root user but you want Karim, the normal user read and write operation on that file. This is an example of Discretionary Access Control which depends on the discretion of root user. Mandatory Access Control are predefined rules and policies in the system.
Suppose you employ a watchman who is sitting in front of your house. You ask him to allow a good man enter the house and do not allow a bad man to enter the house. You do not provide him a book which defines a good or bad man. It depends on the discretion of watch man to allow or do not allow anybody enter the house. This is an example of standard Discretionary Access Control.
In SELinux, files and directories are referred to as objects. Command a user is running is called subject. Most of the operating system uses Discretionary Access Control but Linux/Unix uses Mandatory Access Control.
SElinux when enabled can be either in enforcing or permissive modes. In this article, we will tell you how you can change SELinux modes in Red Hat Enterprise Linux 9.
Changing SELinux mode to Permissive in Red Hat Enterprise Linux 9
Open the terminal and edit the configuration file located at /etc/selinux/. I am working with nano editor, I would run:
sudo nano /etc/selinux/config
To change the mode to permissive, locate SELINUX word in the file and assign a value ‘permissive’.
Reboot the system.
reboot
Check the SELinux status it should now be permissive.
sestatus
You can see from the above screenshot, the SELinux mode is permissive.
Changing SELinux mode to enforcing
To change it to enforcing, open the file /etc/selinux/config and assign the value enforcing to SELINUX and then reboot the system.
Conclusion
To change the SELinux modes in Red Hat Enterprise Linux 9, all you have to do is to change the SELINUX value in the /etc/selinux/config file and then reboot the system.
Happy Linux administration!
