regarding to selinux and according to some Hadoop recommendation selinux must be disabled
about selinux – more info in https://www.ibm.com/support/knowledgecenter/STXKQY_BDA_SHR/bl1bda_selinux.htm
we have two options
- login to machine and set selinux
setenforce 0
. Or - login to machine and edit
/etc/selinux/config
by set SELINUX todisabled
so is there any difference bitten disable SELinux on CentOS 7 temporarily, as setenforce 0
, to edit /etc/selinux/config
file and set the SELINUX to disabled ?
from documentation we can see "If you are using Hortonworks Data Platform (HDP) in any IBM Spectrum scale release, SELinux must be disabled."
so maybe we should not take a risks and set the selinux to disable and restart the machine , ?
note I assume that set the selinux to disable require machine restart ?
Best Answer
setenforce 0
will only temporarily disable SELinux. The next time you reboot the server, selinux will be back on.When you edit
/etc/selinux/config
, that makes the change persistent across reboots.Generally speaking, if at all possible, you should keep SELinux turned on.
setenforce 0
allows you to troubleshoot issues with the goal of turning it back on (withsetenforce 1
).But there are indeed some vendors out there who unfortunately insist on disabling it completely. I personally try to avoid such vendors.