Home Forum

What benefits are there to changing the SELinux mode from 'Enforcing' to 'Permissive

I've heard of changing the SELinux status and how it can aid further development, but what exactly is the effect of changing the SELinux status to 'Permissive'? If someone can elaborate on that for me that would be greatly appreciated.

Cheers!
 

Related:

#1 KingOfTheNet, Jan 12, 2017
Permissive = less secure, of course...should theoretically be easier to root such a device.

Enforcing = more secure and given the hurdles that mode presents even when gifted with something like the dirty cow exploit, make it a truly formidable (and much better secured) mode. Throw in a locked bootloader, dm-verity, and you've got a very secure system.

You can derive / infer your benefits (or pros and cons) from the context or perspective. If you want to obtain root, then you'd be better off with a permissive device.

https://wiki.gentoo.org/wiki/SELinux/Tutorials/Permissive_versus_enforcing
 
#2 scary alien, Jan 12, 2017