by azinman2 1416 days ago
My thoughts exactly. If you can sudo, isn’t it already game over?

But that was the entire point of SIP, wasn't it? To mitigate the impact of a compromised root account. If it doesn't work, then what's the point of going to all this effort in the first place?
Think SELinux.

sudo is bad, but it is not worse.

Like SELinux, you are not supposed to be able to disable it without a reboot.

Wouldn’t `setenforce 0` be essentially “disabling” SELinux without a reboot?
Puts it in 'permissive' mode, i.e. 'audit but don't deny'. Disabling (i.e. no auditing either, no record) requires a reboot I believe (a change to a kernel param).
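The distinction drawn in that last reply is checkable from a host. The following is an added example, not code from anyone in the thread: it reads the live mode from `/sys/fs/selinux/enforce` (the file holds `1` for enforcing, `0` for permissive, and is absent when SELinux is disabled, since no policy is loaded), compares it with the boot-time `SELINUX=` setting in `/etc/selinux/config`, and scans audit records for `MAC_STATUS` events, which the kernel emits when `setenforce` flips the mode. The audit lines at the bottom are constructed samples in that record format, not captured output; the file paths are the usual ones on SELinux systems, and the functions that take content rather than a path exist so the logic can be exercised on a machine without SELinux.

```python
import re
from pathlib import Path

# Standard locations on SELinux systems (assumed, not taken from the thread).
ENFORCE_PATH = Path("/sys/fs/selinux/enforce")
CONFIG_PATH = Path("/etc/selinux/config")


def runtime_mode(enforce_value):
    """Map the contents of /sys/fs/selinux/enforce to a mode name.

    None stands for 'file absent', which is what a disabled SELinux looks
    like: no policy loaded, so nothing is audited or denied."""
    if enforce_value is None:
        return "disabled"
    return "enforcing" if enforce_value.strip() == "1" else "permissive"


def read_runtime_mode(path=ENFORCE_PATH):
    try:
        return runtime_mode(Path(path).read_text())
    except FileNotFoundError:
        return runtime_mode(None)


def configured_mode(config_text):
    """Parse SELINUX=... from /etc/selinux/config: the setting applied at boot."""
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("SELINUX="):
            return line.split("=", 1)[1].strip().lower()
    return "unknown"


def read_configured_mode(path=CONFIG_PATH):
    try:
        return configured_mode(Path(path).read_text())
    except FileNotFoundError:
        return "unknown"


def drift(runtime, configured):
    """Describe a mismatch between the live mode and the boot-time config, or None."""
    if runtime == configured:
        return None
    if configured == "enforcing" and runtime == "permissive":
        return "permissive at runtime while config says enforcing (setenforce 0?)"
    return f"runtime={runtime} configured={configured}"


# MAC_STATUS records carry the new and previous enforcing value.
MAC_STATUS_RE = re.compile(
    r"type=MAC_STATUS .*?enforcing=(?P<new>\d) old_enforcing=(?P<old>\d)"
)


def enforcing_downgrades(audit_lines):
    """Return (old, new, auid) for each record where enforcing went 1 -> 0."""
    hits = []
    for line in audit_lines:
        m = MAC_STATUS_RE.search(line)
        if not m:
            continue
        old, new = int(m["old"]), int(m["new"])
        if old == 1 and new == 0:
            auid = re.search(r"auid=(\d+)", line)
            hits.append((old, new, int(auid[1]) if auid else None))
    return hits


# Constructed sample records in MAC_STATUS / AVC format (not from a real host).
SAMPLE_AUDIT = [
    "type=MAC_STATUS msg=audit(1700000000.100:301): enforcing=0 old_enforcing=1 "
    "auid=1000 ses=4 enabled=1 old-enabled=1 lsm=selinux res=1",
    "type=MAC_STATUS msg=audit(1700000000.200:302): enforcing=1 old_enforcing=0 "
    "auid=1000 ses=4 enabled=1 old-enabled=1 lsm=selinux res=1",
    'type=AVC msg=audit(1700000000.300:303): avc:  denied  { read } for  pid=4242 comm="cat"',
]

if __name__ == "__main__":
    live, boot = read_runtime_mode(), read_configured_mode()
    print("runtime mode:", live)
    print("configured mode:", boot)
    print("drift:", drift(live, boot))
    print("enforcing -> permissive switches in sample audit:", enforcing_downgrades(SAMPLE_AUDIT))
```

On a box where `setenforce 0` has been run, `read_runtime_mode()` reports `permissive` while `read_configured_mode()` still says `enforcing`, and the audit scan shows which login session (`auid`) made the switch; a `disabled` result from the runtime check means the mode was changed via the kernel command line or config and a reboot, which is the case the reply describes.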