Hello,

While reviewing some of my servers, I noticed that a few of them had SELinux disabled. It is my understanding that I should be able to run 'setenforce 1' or 'setenforce 0' to put SELinux in enforcing or permissive mode without requiring a restart.

However, when I run 'setenforce 0' I get the message 'setenforce: SELinux is disabled'

I have modified the /etc/selinux/config file so that it restarts in permissive mode, but I am trying to avoid a reboot as this particular server has a very narrow maintenance window and I have to jump through a lot of hoops if I want to reboot it without getting into a lot of trouble.

Has anyone seen this before? Am I just missing something?

Thanks!!

Hi dcarrington,

It will not work without a reboot because when you enable selinux it relabels the file system. As you said that you have already edited /etc/selinux/config to enable selinux and run in permissive mode but the changes will take place only after reboot.

1 members found this post helpful.

Well, that is unfortunate. I was really hoping to avoid a reboot, but there may just be no way around it.

Thanks!!

Well that is how it works when it comes to selinux. As selinux changes the context for files and directories on reboot basically relabelling. This also applies if you change selinux from permissive to targeted mode.

Please mark the thread as solved if you think your query has been answered.

Enjoy linux!!!