SElinux and FC6
Aleksandar Milivojevic
alex at milivojevic.org
Tue Dec 26 14:22:15 UTC 2006
Vidiot wrote:
> If this is not the right place to ask this question, please direct me to the
> right place.
>
> Yesterday I upgraded from FC2 to FC6. When it rebooted, it froze because
> SElinux complained something about the machine being mandatory, or something
> like that. I didn't write down the error message. The boot process froze
> pretty much right away.
>
> I ultimately had to use the rescue CD in order to boot FC6 and go searching
> for a way to get rid of the problem. I ultimately found the /etc/selinux/config
> file and disabled selinux.
>
> While I should ultimately have SElinux running, it seems that the FC6 install
> set up the system so that it will not work. Is this a bug in the FC6 upgrade?
It's probably an upgrade bug in FC6 installer.
First thing I would check is if there's anything in /etc/selinux that
got created with extension .rpmnew (check timestamps to make sure
.rpmnew files are newer than config files, there's probability some of
them were from FC2 updates). Probably most important will be policy.18
and file_contexts files. If there is, just move them into place (for
example mv policy.18 policy.18.orig followed by mv policy.18.rpmnew
policy.18).
When you are done with that, you should try re-enabling selinux in the
configuration file, than create /.autorelabel (touch /.autorelabel) and
reboot. This will cause /etc/rc.sysinit to recreate SELinux labels
early in the boot process (hopefull before everything freezes). If it
freezes before it gets to relabeling, try putting SELinux into
permissive mode (in the configuration file), make sure /.autorelabel is
there and reboot. When it's done try going back into enforcing mode.
Hopefully this will help.
More information about the redhat-list
mailing list