Once SELinux is enabled on a system, it starts its access control functionality, as described in the previous chapter. This, however, might have some unknown side effects, so in this chapter, we will:
Switch between SELinux in full-enforcement mode (resembling a host-based intrusion prevention system) and its permissive, logging-only mode (resembling a host-based intrusion detection system)
Use various methods to toggle the SELinux state (enabled or disabled, permissive or enforcing)
Disable SELinux's enforcement for a single domain rather than the entire system
Learn to interpret the SELinux log events that describe which activities SELinux has prevented
We will finish with an overview of common methods for analyzing these logging events in day-to-day operations.