45.2.12. Useful Commands for Scripts

45.2.12. Useful Commands for Scripts

The following is a list of useful commands introduced with SELinux, and which you may find useful when writing scripts to help administer your system:

getenforce

This command returns the enforcing status of SELinux.

setenforce [ Enforcing | Permissive | 1 | 0 ]

This command controls the enforcing mode of SELinux. The option 1 or Enforcing tells SELinux to enter enforcing mode. The option 0 or Permissive tells SELinux to enter passive mode. Access violations are still logged, but not prevented.

selinuxenabled

This command exits with a status of 0 if SELinux is enabled, and 1 if SELinux is disabled.

selinuxenabled echo $? 0
getsebool [-a] [boolean_name]

This command shows the status of all booleans (-a) or a specific boolean (<boolean_name>).

setsebool [-P] <boolean_name> value | bool1=val1 bool2=val2 ...

This command sets one or more boolean values. The -P option makes the changes persistent across reboots.

togglesebool boolean ...

This command toggles the setting of one or more booleans. This effects boolean settings in memory only; changes are not persistent across reboots.


Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.