Richard Hally (rhally(a)mindspring.com) said:
The purpose of the file is to set one of the three values when the
system boots but not change it on the fly while the system is up?
Mainly to set the value when the system boots, although it will
change the enforcing level if you change it while it's operational.
OK, so the next question is where is that file read and used ? the
init program? sysinit?
By init, yes.
I get the impression that it will be overridden
by kernel parameters, how does that happen?
It's a priority mechanism - kernel parameters (selinux=0, or enforcing=(1|0))
take precedence, then the values in /etc/sysconfig/selinux, then whatever
the kernel default is.
Last question, has consideration been given to changing the value in
that file when someone changes the actual status of SELinux(enforcing or
permissive) with setenforce.
Not really... setenforce is (IMO) used for temporary changes.
Bill