What setting in SELinux enables policy rules and blocks unauthorized access?

The setting that enables policy rules and blocks unauthorized access in SELinux is "enforcing." When SELinux is in enforcing mode, it actively enforces the security policies defined in its policy rules. This means that any actions that violate these policies are blocked, and an audit log entry is made to record the event. This provides a robust layer of security by ensuring that only authorized actions are permitted, adhering strictly to the security policies established for the system.

In contrast, other modes such as permissive allow all actions but only log violations rather than blocking them. This is useful for testing policies but does not provide the same level of security. The disabled state completely turns off SELinux, rendering it ineffective for any enforcement. The targeted mode is a specific implementation that enforces rules on certain processes but does not inherently mean that all accesses will be blocked unless they are defined in the policy. Therefore, enforcing is the mode that both enables policy rules and blocks unauthorized access effectively.