SELinux Permissive Domains

Published: 18 March 2016

Note: this article is old and may contain outdated or incorrect information.

When SELinux is configured to run in Permissive mode it will only log when an action would be denied using Enforcing. Using permissive domains a single process and be configured to run in Permissive mode while leaving the rest of the system in Enforcing.

Make a domain permissive with semanage permissive domain. To remove a domain from the permissive list use semanage permissive -d domain.