Selinux so badly corrupted machine can't start
Daniel J Walsh
dwalsh at redhat.com
Tue Jun 19 13:55:37 UTC 2007
Tony Nelson wrote:
> At 9:39 AM +0930 6/19/07, Tim wrote:
>
>> Michael Wiktowy:
>>
>>>> Couldn't you just change your grub entry to include enforcing=0 at the
>>>> boot menu without the Rescue CD step?
>>>>
>> Tony Nelson:
>>
>>> How would that create the file /.autorelabel? How would you plan to edit
>>> grub.conf when the system won't boot due to SELinux labeling issues?
>>>
>> You don't have to edit the file, just add the parameters to the kernel
>> line through the GRUB interface. SELinux isn't part of the equation
>> until after GRUB has handed off to the OS.
>>
> ...
>
> OK, enquiring minds want to know those kernel parameters. Start with
> "enforcing=0", and make it relabel -- but don't do a `touch /.autorelabel`
> first.
>
Kernal parameters available
enforcing=0 (Boots in permissive Mode)
selinux=0 (Boots with SELinux disabled, will cause a relabel to happen
next time you boot with SELinux enabled)
autorelabel=1 (Does the same thing as touch /.autorelabel; reboot)
More information about the fedora-list
mailing list