How to Set SELinux to Permissive Mode

SELinux (Security-Enhanced Linux) is an implementation of a compulsory access control system that can work in parallel with the classic selective access control system. The permissive mode in SELinux represents three specific categories of SELinux modes, whereas in general, we can say that in any particular case SELinux will be either “enabled” or “disabled”. These “Enforcing” and “Permissive” modes fall under the “Enabled” category. That is, this means that whenever SELinux is enabled, it will either run in forced mode.

Methods to Install SELinux in Permissive Mode on CentOS 8

Before moving on to the Permissive method, it’s always a good idea to check the default SELinux state by running the following command in your terminal:


Executing this command will return the current SELinux mode and it will be “Permissive” as shown in the image below. However, as soon as you reboot your system, SELinux will return to forced execution mode.

Method to Temporarily Install SELinux in Permissive Mode in CentOS 8

This installation method means that this mode will only be enabled for the current session, and as soon as you restart your system, SELinux will return to its default operating mode, which is “Enforcing” mode. To enable this mode, you need to run the following command on your CentOS 8 terminal:

sudo setenforce 0

By setting the “setenforce” flag to “0”, we are essentially changing its value to “Permissive” from “Enforcing”. Running this command will not display any output. Now, to check if SELinux is set to “Permissive” mode on CentOS 8 or not, we run the following command in the terminal:


Method to Permanently Install SELinux in Permissive Mode on CentOS 8

In the method described above, this will only temporarily set SELinux to “Permissive” mode. However, if you want these changes to be present even after a system restart, you will need to access the SELinux configuration file as follows:

sudo nano /etc/selinux/config

Now you need to check the SELinux status again to see if its mode has been changed to “Permissive” or not. You can do this by running the following command in your terminal:


You can see from the highlighted part of the image below that right now only the mode from the configuration file has been changed to “Permissive”, while the current mode is still “Enforcing”. Now, for our changes to take effect, we will restart our CentOS 8 system by running the following command in a terminal:

sudo shutdown –r now

After restarting the system, when you check the SELinux state again with the “sestatus” command, you will notice that the current mode has also been set to “Permissive”.

Was this article helpful?

Related Articles