Sysctl: ipe.enforce

This article has last been updated at March 12, 2025.

This sysctl key defines if a system should run the Linux security module IPE in permissive or enforce mode.

Values

Value	Description
0	IPE in permissive mode
1	IPE in enforce mode

Most systems have by default ipe.enforce set to value 1.

Show current value

The value of the ipe.enforce can be retrieved using the sysctl command.

sysctl ipe.enforce

or using the proc file system:

sysctl /proc/sys/ipe/enforce

Configure new value

To apply a new value, use the option --write, followed by the key and value.

sysctl --write ipe.enforce=NEWVALUE

To ensure that these changes are also applied during the next boot, add them to a configuration file, typically something like /etc/sysctl.d/99-custom.conf.

Feedback

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Like to learn more? Here is a list of articles within the same category or having similar tags.

Values

Show current value

Configure new value

Feedback

Related articles