SELinux has three modes:
Enforcing: SELinux policy is enforced. SELinux denies access based on SELinux policy rules.
Permissive: SELinux policy is not enforced. SELinux does not deny access, but denials are logged for actions that would have been denied if running in enforcing mode.
Disabled: SELinux is disabled. Only DAC rules are used.
Use the /usr/sbin/setenforce command to change between enforcing and permissive mode. Changes made with /usr/sbin/setenforce do not persist across reboots. To change to enforcing mode, as the Linux root user, run the /usr/sbin/setenforce 1 command. To change to permissive mode, run the /usr/sbin/setenforce 0 command. Use the /usr/sbin/getenforce command to view the current SELinux mode.
Persistent mode changes are covered in Section 5.4, “Enabling and Disabling SELinux”.