--_000_D86C48DF8800164BBE50B87623F7AC954836B078ln2wio001devtra_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I set "SELINUX=3Ddisabled" in /etc/selinux/config and ran a "persist /etc/s= elinux/config". After the node reboots, the file has the correct "SELINUX=3Ddisabled" line = but I see that selinux is still enabled: # grep ^SELINUX=3D /etc/selinux/config SELINUX=3Ddisabled # getenforce Enforcing # cat /selinux/enforce 1 It's like the bind mounts for the files in config happen after selinux is s= etup. Is there something else I should be doing to make a change to selinux survi= ve a node reboot? Many thanks, Simon --_000_D86C48DF8800164BBE50B87623F7AC954836B078ln2wio001devtra_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:= //www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=

<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)"> <style><!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-fareast-language:EN-US;} a:link, span.MsoHyperlink {mso-style-priority:99; color:#0563C1; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:#954F72; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri","sans-serif"; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-family:"Calibri","sans-serif"; mso-fareast-language:EN-US;} @page WordSection1 {size:612.0pt 792.0pt; margin:72.0pt 72.0pt 72.0pt 72.0pt;} div.WordSection1 {page:WordSection1;} --></style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body lang=3D"EN-GB" link=3D"#0563C1" vlink=3D"#954F72"> <div class=3D"WordSection1"> <p class=3D"MsoNormal">I set “SELINUX=3Ddisabled” in /etc/selin= ux/config and ran a “persist /etc/selinux/config”.<o:p></o:p></= p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">After the node reboots, the file has the correct = 220;SELINUX=3Ddisabled” line but I see that selinux is still enabled:= <o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal" style=3D"margin-left:36.0pt"># grep ^SELINUX=3D /etc= /selinux/config<o:p></o:p></p> <p class=3D"MsoNormal" style=3D"margin-left:36.0pt">SELINUX=3Ddisabled<o:p>= </o:p></p> <p class=3D"MsoNormal" style=3D"margin-left:36.0pt"># getenforce<o:p></o:p>= </p> <p class=3D"MsoNormal" style=3D"margin-left:36.0pt">Enforcing<o:p></o:p></p=

<p class=3D"MsoNormal" style=3D"margin-left:36.0pt"># cat /selinux/enforce<= o:p></o:p></p> <p class=3D"MsoNormal" style=3D"margin-left:36.0pt">1<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">It’s like the bind mounts for the files in con= fig happen after selinux is setup.<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Is there something else I should be doing to make a = change to selinux survive a node reboot?<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Many thanks,<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Simon<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> </div> </body> </html> --_000_D86C48DF8800164BBE50B87623F7AC954836B078ln2wio001devtra_--