What mode must be active for SELinux policy rules to enforce and violations to be logged?

For SELinux policy rules to enforce security measures and log any violations, Enforcing Mode must be active. In this mode, SELinux actively checks access requests against its policy rules, allowing only those actions that are explicitly permitted by the policy. If a process attempts to perform an action that is not allowed, it is denied, and the attempted violation is logged for auditing purposes.

Permissive Mode, while allowing actions that would otherwise be denied, merely logs those violations without actually enforcing the security policies, making it unsuitable for enforcing at a high-security level. Disabled Mode completely turns off SELinux, meaning no rules are enforced or logged, which also does not meet the criteria. Targeted Mode refers to a specific type of SELinux policy that provides fine-grained control primarily around certain processes while others may run without the same scrutiny; however, it can only enforce rules when in Enforcing Mode. Thus, for true enforcement and logging of SELinux violations, Enforcing Mode is essential.