SELinux | Into the Terminal 14
·2 mins
SELinux has a reputation as the first thing people disable when something breaks. This episode of Into the Terminal makes the case for leaving it on and actually understanding it, because on RHEL it is one of the strongest layers of defense you already have.
What this episode covers:
- The three modes. Enforcing blocks and logs, permissive only logs (great for troubleshooting without breaking things), and disabled turns it off entirely — and why
setenforce 0for a test is very different from disabling it in config. - Contexts are the whole game. Every file, process, and port carries an SELinux context, and most “SELinux problems” are really just a label that does not match — which is why
ls -Z,ps -Z, andrestoreconmatter more than the off switch. - Booleans let you say yes without weakening everything. Toggles like
httpd_can_network_connectopen up specific, intended behavior instead of forcing an all-or-nothing choice. - Reading a denial. How to use the audit log and tools like
sealert/ausearchto see exactly what was blocked and why, so you can fix the label or set a boolean rather than reaching for permissive.
If SELinux has ever cost you an afternoon, this episode is the one that turns it from an enemy into a tool. Watch the full walkthrough above.


