While troubleshooting a newly installed web service on a RHEL-based server, you want SELinux to stop enforcing policy so the service can start, but you still need every denial to be logged and you must ensure the change is not persistent after a reboot. What single shell command satisfies these requirements?
The command setenforce 0 switches SELinux from Enforcing to Permissive mode for the running kernel only. In permissive mode the policy is loaded and every denial is still recorded, but no access is blocked. The change is purely runtime; the system's configured mode in /etc/selinux/config is unchanged, so SELinux returns to its previous mode at the next boot. The other options are incorrect: specifying disabled to setenforce is invalid (the utility accepts only 0/1 or Permissive/Enforcing); adding a permissive domain with semanage affects only one domain, not the whole system; appending SELINUX=permissive to the configuration file makes the change permanent and survives reboots, which violates the scenario.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between SELinux's Permissive and Enforcing modes?
Open an interactive chat with Bash
Why does `setenforce 0` not make a permanent change to SELinux?
Open an interactive chat with Bash
How does logging work in SELinux when in Permissive mode?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access