getenforce – Displays the current SELinux enforcement mode

The getenforce command displays the current SELinux enforcement mode. SELinux (Security-Enhanced Linux) is a security mechanism implemented in the Linux kernel. It enforces mandatory access control policies that restrict the actions a process can perform on the system.

Overview

The getenforce command reports one of three values:

  • Enforcing: SELinux is enabled and enforcing security policies.
  • Permissive: SELinux is enabled, but only logs policy violations instead of enforcing them.
  • Disabled: SELinux is disabled.

To use the getenforce command, simply open a terminal and type getenforce. The output will display the current SELinux mode.

$ getenforce
Enforcing

Options

The getenforce command does not have any options.

Troubleshooting Tips

If the getenforce command returns an error message, it is likely that SELinux is not installed or enabled on the system. To enable SELinux, you can follow these steps:

  1. Install the SELinux policy packages: sudo yum install selinux-policy selinux-policy-targeted
  2. Enable SELinux: sudo setenforce 1
  3. Verify that SELinux is enabled: getenforce

If SELinux is already enabled and you are experiencing issues, you can try setting the SELinux mode to permissive to allow policy violations to be logged without enforcing them. To do this, run the following command: sudo setenforce 0. Then, run getenforce to verify that the mode has been changed to permissive.
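Because setenforce changes only the running mode, getenforce can report one mode while /etc/selinux/config sets a different one for the next boot. The following check compares the two so that a host left in permissive mode after troubleshooting is noticed; it is an added example, not part of the original page, and the function names (configured_mode, runtime_mode, assess_modes) and the "check" argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare the running SELinux mode with the boot-time setting.

# Print the SELINUX= value of a config file, spelled the way getenforce prints it.
configured_mode() {
    cfg="${1:-/etc/selinux/config}"
    [ -r "$cfg" ] || { echo "Unknown"; return 0; }
    # Uncommented SELINUX= lines only (SELINUXTYPE= does not match); the last one is used.
    val=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$cfg" | tail -n 1)
    case "$(printf '%s' "$val" | tr '[:upper:]' '[:lower:]')" in
        enforcing)  echo "Enforcing" ;;
        permissive) echo "Permissive" ;;
        disabled)   echo "Disabled" ;;
        *)          echo "Unknown" ;;
    esac
}

# Print the running mode, or "Unknown" when getenforce is missing or fails.
runtime_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce 2>/dev/null || echo "Unknown"
    else
        echo "Unknown"
    fi
}

# Classify a (running, configured) pair. Exit status: 0 ok, 1 warn, 2 fail, 3 unknown.
assess_modes() {
    case "$1/$2" in
        Enforcing/Enforcing)
            echo "OK: enforcing now and at next boot"; return 0 ;;
        Permissive/Enforcing)
            echo "WARN: running Permissive, configured Enforcing; violations are only logged"; return 1 ;;
        Enforcing/Permissive|Enforcing/Disabled)
            echo "WARN: running Enforcing, configured $2; next boot will not enforce"; return 1 ;;
        Permissive/*|Disabled/*)
            echo "FAIL: policy is not enforced (running $1, configured $2)"; return 2 ;;
        *)
            echo "UNKNOWN: could not determine mode (running $1, configured $2)"; return 3 ;;
    esac
}

# Run the comparison on this host when invoked with the argument "check".
if [ "${1:-}" = "check" ]; then
    assess_modes "$(runtime_mode)" "$(configured_mode)"
    exit $?
fi
```

Saved to a file and run with the argument check, it prints one status line and exits non-zero for anything other than Enforcing in both places, so it can be called from a monitoring job.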

Notes

  • SELinux is a powerful security mechanism that can greatly enhance the security of a Linux system. However, it can also be complex to configure and troubleshoot, especially for users who are not familiar with it.
  • It is recommended to consult official SELinux documentation or seek the assistance of a qualified Linux systems administrator before making any changes to SELinux settings on a production system.