Selinux so badly corrupted machine can't start
Daniel J Walsh
dwalsh at redhat.com
Tue Jun 19 15:30:47 UTC 2007
Tony Nelson wrote:
> At 9:55 AM -0400 6/19/07, Daniel J Walsh wrote:
>
>> Tony Nelson wrote:
>>
>>> At 9:39 AM +0930 6/19/07, Tim wrote:
>>>
>>>
>>>> Michael Wiktowy:
>>>>
>>>>
>>>>>> Couldn't you just change your grub entry to include enforcing=0 at the
>>>>>> boot menu without the Rescue CD step?
>>>>>>
>>>>>>
>>>> Tony Nelson:
>>>>
>>>>
>>>>> How would that create the file /.autorelabel? How would you plan to edit
>>>>> grub.conf when the system won't boot due to SELinux labeling issues?
>>>>>
>>>>>
>>>> You don't have to edit the file, just add the parameters to the kernel
>>>> line through the GRUB interface. SELinux isn't part of the equation
>>>> until after GRUB has handed off to the OS.
>>>>
>>>>
>>> ...
>>>
>>> OK, enquiring minds want to know those kernel parameters. Start with
>>> "enforcing=0", and make it relabel -- but don't do a `touch /.autorelabel`
>>> first.
>>>
>>>
>> Kernal parameters available
>>
>> enforcing=0 (Boots in permissive Mode)
>> selinux=0 (Boots with SELinux disabled, will cause a relabel to happen
>> next time you boot with SELinux enabled)
>> autorelabel=1 (Does the same thing as touch /.autorelabel; reboot)
>>
>
> Thanks. How about adding that last one to
> <http://danwalsh/livehournal.com/3144.html> ?
>
I just posted a new blog entry.
More information about the fedora-list
mailing list