While troubleshooting a custom backup script on a CentOS Stream 9 host, you decide to put SELinux into permissive mode so the script can run but you can still see what would have been blocked. After running:
# setenforce 0
which outcome should you expect, and why is this useful when building a custom policy for the script?
SELinux continues to label objects and logs AVC denial messages but does not block the operations, letting the script run while you later feed the logged denials to tools such as audit2allow.
SELinux stops enforcing only network-related rules; file-system rules are still enforced so the script will continue to fail and generate partial AVC logs.
SELinux stops enforcing and stops auditing, so no AVC records are generated; this makes policy generation impossible.
SELinux unloads every policy module, removes existing file labels, and requires a complete filesystem relabel after the next reboot.
Running setenforce 0 switches the whole system from Enforcing to Permissive mode. In this mode SELinux still evaluates every access against the loaded policy and writes an AVC log entry for any action that would have been denied, but it does not actually block the action. The backup script therefore runs successfully, and the administrator can later parse the recorded AVC messages with tools such as ausearch and audit2allow to create or adjust a policy module. Permissive mode is designed exactly for this kind of troubleshooting and policy-development task; it does not disable labeling, unload modules, or suppress logging.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SELinux and why is it important in CentOS Stream 9?
Open an interactive chat with Bash
What is the difference between SELinux Enforcing mode and Permissive mode?
Open an interactive chat with Bash
How do audit2allow and ausearch help create custom SELinux policies?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access