Mike,
setenforce can change mode. See:
root@ctx0700:~# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
root@ctx0700:~# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mcs
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: requested (insecure)
Max kernel policy version: 31
root@ctx0700:~# setenforce 0
root@ctx0700:~# getenforce
Permissive
root@ctx0700:~# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mcs
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: requested (insecure)
Max kernel policy version: 31
-----henry
On Thu, Feb 9, 2023 at 12:11 PM Michael Radecker <michaelradecker(a)gmail.com>
wrote:
Henry,
You can edit /etc/selinux/config to state SELINUX=enforcing
When you reboot, your system will be enforcing SELinux policies and it
will persist. I'm also including a link to Red Hat documentation regarding
this topic.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
-Mike
On Thu, Feb 9, 2023 at 11:58 AM Henry Zhang <henryzhang62(a)gmail.com>
wrote:
> Hi folks,
>
> setenforce allows users to swap selinux mode between enforcing and
> permissive.
> If I want my selinux to stay in enforcing mode forever so that nobody is
> able to interfere with my selinux.
>
> What should I do?
>
> Thanks.
>
> ---henry
> _______________________________________________
> selinux mailing list -- selinux(a)lists.fedoraproject.org
> To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject...
> Do not reply to spam, report it:
>
https://pagure.io/fedora-infrastructure/new_issue
>