If I make a change to /etc/sysconfig/selinux do I have to restart anything for the change to take effect?
On May 9, 2017, at 12:14 PM, Larry Martell <larry.martell at gmail.com> wrote:
>
> If I make a change to /etc/sysconfig/selinux do I have to restart anything
> for the change to take effect?

Isn't the correct answer "yes" for every single file under that directory?

If it were otherwise, you'd have services continually restarting to look for updated settings. Then because of all the resulting inadvertent lock-outs and other failures, you'd have big block comments at the top of those files telling you not to save the file until you're sure you want those settings applied immediately.

If you're trying to entirely disable SELinux with this change, you'll have to reboot. If you're changing between enforcing and permissive, there are commands for that:

https://unix.stackexchange.com/questions/148890/how-to-disable-selinux-without-restart
Hi Larry,

> If I make a change to /etc/sysconfig/selinux do I have to restart anything
> for the change to take effect?

It depends.

If you are changing the SELinux mode from 'enforcing' to 'permissive' and vice versa, you can make that change active in the running system by issuing the 'setenforce 1' or 'setenforce 0' command, respectively.

If you want to go to or from 'disabled' or change the SELinux policy you'll need to reboot to activate the change.

Regards,

Peter.
On Tue, May 09, 2017 at 02:27:27PM -0600, Warren Young wrote:
> Isn't the correct answer "yes" for every single file under that
> directory?
>
> If it were otherwise, you'd have services continually restarting to
> look for updated settings. Then because of all the resulting
> inadvertent lock-outs and other failures, you'd have big block
> comments at the top of those files telling you not to save the file
> until you're sure you want those settings applied immediately.

You say that, but NetworkManager's default setting used to be to monitor the files in /etc/sysconfig/network-scripts/ and restart the network interfaces when you changed the ifcfg-* files. Thankfully, now you need to set 'monitor-connection-files=true' in the NetworkManager.conf to get that 'feature'.

Many times I'd change an IP in the file with vi, save out of muscle memory before I realize what I've done.

--
Jonathan Billings <billings at negate.org>
On Wed, May 10, 2017 at 9:30 AM, Peter Eckel <lists at eckel-edv.de> wrote:

> Hi Larry,
>
> > If I make a change to /etc/sysconfig/selinux do I have to restart anything
> > for the change to take effect?
>
> It depends.
>
> If you are changing the SELinux mode from 'enforcing' to 'permissive' and
> vice versa, you can make that change active in the running system by
> issuing the 'setenforce 1' or 'setenforce 0' command, respectively.
>
> If you want to go to or from 'disabled' or change the SELinux policy
> you'll need to reboot to activate the change.

Thanks!
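
The rule from Peter Eckel's reply, as an added example that is not code from any poster in this thread: it reads the SELINUX= value from the config file, compares it with the running mode, and prints whether nothing, setenforce, or a reboot is needed. The function names are made up for this example, and changes to the policy type (SELINUXTYPE) are not covered.

```shell
#!/bin/sh
# Added example: detect drift between the SELinux mode configured on disk
# and the mode the running kernel is in, and say how to reconcile them.

# Print the value of the last SELINUX= line in a config file, lower-cased.
# Comment lines and SELINUXTYPE= do not match the pattern.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# $1 = configured mode, $2 = running mode (as printed by getenforce).
# Prints: none | setenforce 0 | setenforce 1 | reboot | invalid
required_action() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    have=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$want" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid"; return 1 ;;
    esac
    if [ "$want" = "$have" ]; then
        echo "none"
    elif [ "$want" = "disabled" ] || [ "$have" = "disabled" ]; then
        # Going to or from 'disabled' cannot be done on a running system.
        echo "reboot"
    elif [ "$want" = "enforcing" ]; then
        echo "setenforce 1"
    else
        echo "setenforce 0"
    fi
}

if command -v getenforce >/dev/null 2>&1 && [ -r /etc/sysconfig/selinux ]; then
    # Live check on a host with the SELinux tools installed.
    cfg=$(configured_mode /etc/sysconfig/selinux)
    run=$(getenforce)
    echo "configured=$cfg running=$run action=$(required_action "$cfg" "$run")"
else
    # Constructed sample config for hosts without SELinux tooling.
    sample=$(mktemp)
    printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' > "$sample"
    cfg=$(configured_mode "$sample")
    echo "sample: configured=$cfg running=Enforcing action=$(required_action "$cfg" Enforcing)"
    rm -f "$sample"
fi
```

An action other than "none" on a host nobody is editing means the running mode was changed with setenforce and never written to the file, or the file was edited without applying it.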