Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
While reviewing some of my servers, I noticed that a few of them had SELinux disabled. It is my understanding that I should be able to run 'setenforce 1' or 'setenforce 0' to put SELinux in enforcing or permissive mode without requiring a restart.
However, when I run 'setenforce 0' I get the message 'setenforce: SELinux is disabled'
I have modified the /etc/selinux/config file so that it restarts in permissive mode, but I am trying to avoid a reboot as this particular server has a very narrow maintenance window and I have to jump through a lot of hoops if I want to reboot it without getting into a lot of trouble.
Has anyone seen this before? Am I just missing something?
It will not work without a reboot because when you enable selinux it relabels the file system. As you said that you have already edited /etc/selinux/config to enable selinux and run in permissive mode but the changes will take place only after reboot.
Well that is how it works when it comes to selinux. As selinux changes the context for files and directories on reboot basically relabelling. This also applies if you change selinux from permissive to targeted mode.
Please mark the thread as solved if you think your query has been answered.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.