To set kernel parameters:
- SE Linux is recommended whenever feasible.
- Do not configure SE Linux in disabled mode.
- Permissive mode will allow all required system calls to be made while the system provides auditing of the system calls.
- The status of SE Linux can be displayed with the
sestatuscommand.
Display Status
$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28Permissive mode can be configured with the following command.
permissive
setenforce permissive