systemd: Failed to initialize SELinux context: Permission denied
Bruno Wolff III
bruno at wolff.to
Fri Dec 7 13:44:50 UTC 2012
On Fri, Dec 07, 2012 at 08:22:10 -0500,
John.Florian at dart.biz wrote:
>
>Thinking selinux might be preventing the relabel from happening (?!?) I
>rebooted with selinux=0 so that I could reconfig /etc/sysconfig/selinux
>having SELINUX=permissive, touched /.autorelabel and rebooted again. This
>time I saw the relabel process do its thing and trigger a reboot. I then
>went back to reconfig /etc/sysconfig/selinux having SELINUX=enforcing,
>rebooted and all seemed well, finally.
The autorelabel is supposed to happen early in the boot process and I think
it is supposed to work even if you system normally comes up in enforcing
mode. So that sounds like a bug.
(You can come up in permissive mode using the enforcing=0 kernel parameter.
This is a bit more convenient in some cases for a one time boot, than
changing the selinux configuration.)
This is generally the safeest way to relabel as you don't want processes
that started with the wrong context creating more incorrectly labelled files
while you are trying to fix things up (with say restorecon).
>So, I'm all good now, but there may be some bugs in that "relabel should
>happen automatically" bit.
>--
>John Florian
More information about the test
mailing list