What is SELinux and how does it enhance security

March 28, 2026 · Category: Linux

Short answer

SELinux (Security-Enhanced Linux) enforces mandatory access control (MAC) policies that restrict what processes can do, even if they run as root. Unlike traditional file permissions, SELinux policies define what actions each process type can perform on each resource type. For basic Linux permissions, see how to manage file permissions.

Modes

Enforcing: Policies are actively enforced. Violations are blocked and logged.
Permissive: Violations are logged but not blocked. Useful for debugging.
Disabled: SELinux is turned off entirely.

Common commands

getenforce              # Check current mode
setenforce 0            # Switch to permissive
sestatus                 # Detailed status
ls -Z file.txt          # See SELinux context

Troubleshooting

When something fails silently due to SELinux, check /var/log/audit/audit.log. Use audit2allow to generate policy rules from denials.

Tips

Do not disable SELinux in production; use permissive mode temporarily instead
For firewall configuration, see how to configure networking with iptables and UFW