selinuxenabled

Check if SELinux is enabled (no output; check exit code with echo $?)

$ selinuxenabled

$ selinuxenabled && echo "SELinux is enabled" || echo "SELinux is disabled"

$ if selinuxenabled; then echo "SELinux is running"; fi

selinuxenabled

The selinuxenabled command is a simple utility designed to determine whether SELinux (Security-Enhanced Linux) is currently enabled on the system. It does not modify the SELinux state; its sole purpose is to report the current status by exiting with a specific status code.

This command is particularly useful in shell scripts or automated processes where conditional logic depends on the SELinux enforcement status. If SELinux is enabled and active, the command exits with a status of 0 (success). If SELinux is disabled or not supported by the kernel, it exits with a non-zero status, typically 1 for disabled or 2 for an error.

Unlike sestatus or getenforce, selinuxenabled produces no standard output, making it ideal for direct use in if statements or other conditional constructs where only the exit code matters. It provides a quick and efficient way to check the policy enforcement without parsing textual output.

selinuxenabled only reports the current kernel-level SELinux status; it does not indicate whether SELinux is merely installed or configured to be enabled on reboot. It provides no information about the current enforcement mode (e.g., enforcing, permissive). For more detailed SELinux status information, commands like sestatus(8) or getenforce(8) should be used.

The exit status of selinuxenabled is crucial for its utility in scripting:
0 - SELinux is enabled and running.
1 - SELinux is disabled.
2 - An error occurred, possibly indicating SELinux is not installed or the kernel does not support it.

The selinuxenabled command is part of the libselinux development libraries and utilities, which provide the foundational components for managing SELinux on Linux systems. It emerged as a practical tool for scripting alongside the broader adoption of SELinux in enterprise-grade Linux distributions, notably Red Hat Enterprise Linux and its derivatives. Its simple design reflects the need for a straightforward, programmatic way to check SELinux's operational status without requiring complex output parsing, making it a stable utility since its introduction as part of the SELinux tools.

sestatus(8), setenforce(8), getenforce(8), selinux(8)