🟡 Medium   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: SUSE Linux Enterprise Server 15

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Security audit fails because SELinux is permissive instead of enforcing on regulated SLES 15 nodes.

Environment & Reproduction

Seen after testing windows or accidental `setenforce 0` left in place across reboots.

Root Cause Analysis

`/etc/selinux/config` is set to `SELINUX=permissive` or boot parameter `enforcing=0` persists.

Quick Triage

Check current mode with `getenforce` and `sestatus`.

Step-by-Step Diagnosis

Inspect `/etc/selinux/config` and `/proc/cmdline` for permissive overrides.

Illustrative mockup for sles-15 — selinux_permissive-by-mistake_terminal
Terminal diagnostics for MLS workload runs in SELinux permissive unexpectedly — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Set `SELINUX=enforcing`, remove `enforcing=0` from GRUB, then reboot or `setenforce 1`.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for sles-15 — selinux_permissive-by-mistake_logs
Logs and evidence for MLS workload runs in SELinux permissive unexpectedly — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Use SUSE Manager states to enforce mode across the fleet.

Verification & Acceptance Criteria

`getenforce` returns `Enforcing` after reboot and policy denials are logged correctly.

Rollback Plan

Drop back to permissive only during controlled debugging windows.

Prevention & Hardening

Audit SELinux state via configuration management daily.

Pairs with `SELinux is preventing` AVC messages once enforcing is restored.

Related tutorial: View the step-by-step tutorial for sles-15.

View all sles-15 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

SUSE SELinux quickstart and policy management notes.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.