setenforce

Put SELinux in enforcing mode

$ setenforce 1

$ setenforce 0

setenforce [0|1|Permissive|Enforcing]

setenforce toggles SELinux between enforcing and permissive modes at runtime. In enforcing mode, SELinux denies access based on policy rules. In permissive mode, violations are logged but not blocked.
This change is temporary and does not persist across reboots. To permanently change the SELinux mode, edit /etc/selinux/config and set the SELINUX variable.

0, Permissive

Switch to permissive mode (log violations but don't enforce)

Switch to enforcing mode (log and enforce policy)

Requires root privileges. Cannot enable/disable SELinux entirely; only toggles between enforcing and permissive. To check current mode, use getenforce. Switching to permissive mode reduces system security.

setenforce is part of the SELinux userspace tools developed by the NSA and Red Hat. It has been available since the introduction of SELinux in the Linux 2.6 kernel.

getenforce(8), semanage-permissive(8), sestatus(8), selinux(8)