setenforce Command Generator
Generate setenforce commands to toggle the SELinux mode
Getting Started with setenforce
## What is setenforce?
The `setenforce` command switches the **running** SELinux mode between `Enforcing` and `Permissive` without a reboot. It accepts either a numeric value (`1` or `0`) or the matching word (`Enforcing` / `Permissive`). This is a runtime change only — it does not survive a reboot.
## How to Use
1. **Choose Mode**: Pick `1` / `Enforcing` to enforce policy, or `0` / `Permissive` to log denials without blocking them. 2. **Run as Root**: Execute the generated command with `sudo` or as root. 3. **Verify**: Run `getenforce` to confirm the new mode is in effect. 4. **Copy & Run**: Copy the generated command into your terminal.
> To make the change persistent across reboots, set `SELINUX=enforcing` (or `permissive`) in `/etc/selinux/config`. `setenforce` cannot enable SELinux if it was disabled at boot.
Common Options
### `1` or `Enforcing` Switch the running SELinux mode to Enforcing — policy violations are blocked and logged. This is the secure default for production servers.
### `0` or `Permissive` Switch the running mode to Permissive — policy violations are logged but allowed. Useful for troubleshooting a service that SELinux is blocking: switch to Permissive, reproduce the issue, then inspect `/var/log/audit/audit.log` with `audit2why`.
▶Does setenforce survive a reboot?
▶I set it to Enforcing but getenforce still says Disabled — why?
▶When should I temporarily use Permissive?
If this tool has been helpful to you, consider buying me a coffee.
Buy me a coffee