Which SELinux mode requires a reboot to transition into?

Transitioning to Disabled Mode in SELinux does indeed necessitate a reboot. When SELinux is set to Disabled, it entirely ceases to operate; the security policies that SELinux implements are not enforced in any capacity. This mode is configured in the system's boot parameters, meaning that the change can only take effect on system startup, thus requiring a reboot.

In contrast, both Permissive and Enforcing modes can be switched at runtime without restarting the system. Permissive mode allows SELinux to log policy violations but does not enforce the rules, while Enforcing mode actively enforces the rules and denies access when policies are violated. Therefore, altering settings related to these modes can be done on-the-fly, making a reboot unnecessary. Additionally, there is no standard SELinux mode called "Active Mode." Therefore, the requirement for a reboot is specific to entering Disabled Mode, as changes must be executed at boot time to reflect the system's operating state.