Useful Commands for Scripts

The following commands were introduced with SELinux and are useful when writing scripts to help administer your system:

getenforce

This command returns the enforcing status of SELinux.

setenforce [ Enforcing | Permissive | 1 | 0 ]

This command controls the enforcing mode of SELinux. The option 1 or Enforcing tells SELinux to enter enforcing mode. The option 0 or Permissive tells SELinux to enter permissive mode, in which access violations are still logged but not prevented.

selinuxenabled

This command exits with a status of 0 if SELinux is enabled, and 1 if SELinux is disabled.

~]# selinuxenabled
~]# echo $?
0

getsebool [-a] [boolean_name]

This command shows the status of all booleans (-a) or a specific boolean (<boolean_name>).

setsebool [-P] <boolean_name> value | bool1=val1 bool2=val2 ...

This command sets one or more boolean values. The -P option makes the changes persistent across reboots.

togglesebool boolean ...

This command toggles the setting of one or more booleans. This affects boolean settings in memory only; changes are not persistent across reboots.
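
The status commands above (selinuxenabled, getenforce and getsebool) can be combined into a read-only check that a script runs before doing anything else. The following is an added example, not part of the original guide; the function name selinux_audit, its name=on|off argument form and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Read-only SELinux check: changes nothing, only reports drift.
# Usage: selinux_audit name=on|off ...
#   e.g. selinux_audit httpd_can_network_connect=off
# Returns 0 if compliant, 1 on drift, 2 if SELinux is disabled.

selinux_audit() {
    rc=0

    # selinuxenabled prints nothing; the answer is its exit status (0 = enabled).
    if ! selinuxenabled; then
        echo "FAIL: SELinux is disabled"
        return 2
    fi

    # getenforce prints the current mode as a single word.
    mode=$(getenforce)
    if [ "$mode" != "Enforcing" ]; then
        echo "FAIL: mode is $mode, expected Enforcing"
        rc=1
    fi

    for want in "$@"; do
        name=${want%%=*}       # text before the first "="
        expected=${want#*=}    # text after the first "="
        # getsebool prints "<name> --> on|off"; an unknown boolean is an error.
        line=$(getsebool "$name" 2>/dev/null) || line=""
        actual=${line##* }     # last space-separated field
        if [ -z "$actual" ]; then
            echo "FAIL: boolean $name not found"
            rc=1
        elif [ "$actual" != "$expected" ]; then
            echo "FAIL: $name is $actual, expected $expected"
            rc=1
        else
            echo "OK: $name is $actual"
        fi
    done
    return $rc
}

# Run the audit only when expectations are given on the command line.
if [ "$#" -gt 0 ]; then
    selinux_audit "$@"
fi
```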