LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   SELinux still disabled (https://www.linuxquestions.org/questions/linux-security-4/selinux-still-disabled-933461/)

dcarrington 03-08-2012 12:38 PM
SELinux still disabled
 
Hello,

While reviewing some of my servers, I noticed that a few of them had SELinux disabled. It is my understanding that I should be able to run 'setenforce 1' or 'setenforce 0' to put SELinux in enforcing or permissive mode without requiring a restart.

However, when I run 'setenforce 0' I get the message 'setenforce: SELinux is disabled'

I have modified the /etc/selinux/config file so that it restarts in permissive mode, but I am trying to avoid a reboot as this particular server has a very narrow maintenance window and I have to jump through a lot of hoops if I want to reboot it without getting into a lot of trouble.

Has anyone seen this before? Am I just missing something?

Thanks!!

T3RM1NVT0R 03-08-2012 12:52 PM
@ Reply
 
Hi dcarrington,

It will not work without a reboot because when you enable selinux it relabels the file system. As you said that you have already edited /etc/selinux/config to enable selinux and run in permissive mode but the changes will take place only after reboot.

dcarrington 03-08-2012 03:42 PM
Well, that is unfortunate. I was really hoping to avoid a reboot, but there may just be no way around it.

Thanks!!

T3RM1NVT0R 03-09-2012 07:24 AM
@ Reply
 
Well that is how it works when it comes to selinux. As selinux changes the context for files and directories on reboot basically relabelling. This also applies if you change selinux from permissive to targeted mode.

Please mark the thread as solved if you think your query has been answered.

Enjoy linux!!!


All times are GMT -5. The time now is 06:39 PM.