sestatus

sestatus [-v] [-b]

sestatus reports the current status of the SELinux system. It shows whether SELinux is enabled, its current mode (enforcing, permissive, or disabled), the loaded policy type, and various security settings.Typical output includes SELinux status, loaded policy, current mode, policy version, and whether policies are being denied.

-b

Display current states of all policy booleans

Display security contexts of files and processes from /etc/sestatus.conf

SELinux status: enabled/disabledSELinuxfs mount: path to SELinux filesystemSELinux root directory: SELinux configuration locationLoaded policy name: targeted, mls, etc.Current mode: enforcing, permissive, disabledMode from config file: configured default modePolicy MLS status: MLS/MCS statusPolicy deny_unknown status: how unknown access is handledMemory protection checking: protection mode

Only works on systems with SELinux installed. Requires read access to SELinux filesystem and configuration files.

getenforce(8), setenforce(8), semanage(8)