--_000_D86C48DF8800164BBE50B87623F7AC954836B078ln2wio001devtra_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I set "SELINUX=3Ddisabled" in /etc/selinux/config and ran a "persist /etc/s= elinux/config". After the node reboots, the file has the correct "SELINUX=3Ddisabled" line = but I see that selinux is still enabled: # grep ^SELINUX=3D /etc/selinux/config SELINUX=3Ddisabled # getenforce Enforcing # cat /selinux/enforce 1 It's like the bind mounts for the files in config happen after selinux is s= etup. Is there something else I should be doing to make a change to selinux survi= ve a node reboot? Many thanks, Simon --_000_D86C48DF8800164BBE50B87623F7AC954836B078ln2wio001devtra_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:= //www.w3.org/TR/REC-html40"<head<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"= <meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)"<style><!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-fareast-language:EN-US;} a:link, span.MsoHyperlink {mso-style-priority:99; color:#0563C1; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:#954F72; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri","sans-serif"; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-family:"Calibri","sans-serif"; mso-fareast-language:EN-US;} @page WordSection1 {size:612.0pt 792.0pt; margin:72.0pt 72.0pt 72.0pt 72.0pt;} div.WordSection1 {page:WordSection1;} --></style><!--[if gte mso 9]><xml<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /</xml><![endif]--><!--[if gte mso 9]><xml<o:shapelayout v:ext=3D"edit"<o:idmap v:ext=3D"edit" data=3D"1" /</o:shapelayout></xml><![endif]--</head<body lang=3D"EN-GB" link=3D"#0563C1" vlink=3D"#954F72"<div class=3D"WordSection1"<p class=3D"MsoNormal">I set &#8220;SELINUX=3Ddisabled&#8221; in /etc/selin= ux/config and ran a &#8220;persist /etc/selinux/config&#8221;.<o:p></o:p></= p<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p<p class=3D"MsoNormal">After the node reboots, the file has the correct &#8= 220;SELINUX=3Ddisabled&#8221; line but I see that selinux is still enabled:= <o:p></o:p></p<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p<p class=3D"MsoNormal" style=3D"margin-left:36.0pt"># grep ^SELINUX=3D /etc= /selinux/config<o:p></o:p></p<p class=3D"MsoNormal" style=3D"margin-left:36.0pt">SELINUX=3Ddisabled<o:p>= </o:p></p<p class=3D"MsoNormal" style=3D"margin-left:36.0pt"># getenforce<o:p></o:p>= </p<p class=3D"MsoNormal" style=3D"margin-left:36.0pt">Enforcing<o:p></o:p></p= <p class=3D"MsoNormal" style=3D"margin-left:36.0pt"># cat /selinux/enforce<= o:p></o:p></p<p class=3D"MsoNormal" style=3D"margin-left:36.0pt">1<o:p></o:p></p<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p<p class=3D"MsoNormal">It&#8217;s like the bind mounts for the files in con= fig happen after selinux is setup.<o:p></o:p></p<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p<p class=3D"MsoNormal">Is there something else I should be doing to make a = change to selinux survive a node reboot?<o:p></o:p></p<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p<p class=3D"MsoNormal">Many thanks,<o:p></o:p></p<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p<p class=3D"MsoNormal">Simon<o:p></o:p></p<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p</div</body</html --_000_D86C48DF8800164BBE50B87623F7AC954836B078ln2wio001devtra_--