Selinux so badly corrupted machine can't start

Daniel J Walsh dwalsh at redhat.com
Tue Jun 19 15:30:47 UTC 2007


Tony Nelson wrote:
> At 9:55 AM -0400 6/19/07, Daniel J Walsh wrote:
>   
>> Tony Nelson wrote:
>>     
>>> At 9:39 AM +0930 6/19/07, Tim wrote:
>>>
>>>       
>>>> Michael Wiktowy:
>>>>
>>>>         
>>>>>> Couldn't you just change your grub entry to include enforcing=0 at the
>>>>>> boot menu without the Rescue CD step?
>>>>>>
>>>>>>             
>>>> Tony Nelson:
>>>>
>>>>         
>>>>> How would that create the file /.autorelabel?  How would you plan to edit
>>>>> grub.conf when the system won't boot due to SELinux labeling issues?
>>>>>
>>>>>           
>>>> You don't have to edit the file, just add the parameters to the kernel
>>>> line through the GRUB interface.  SELinux isn't part of the equation
>>>> until after GRUB has handed off to the OS.
>>>>
>>>>         
>>>  ...
>>>
>>> OK, enquiring minds want to know those kernel parameters.  Start with
>>> "enforcing=0", and make it relabel -- but don't do a `touch /.autorelabel`
>>> first.
>>>
>>>       
>> Kernal parameters available
>>
>> enforcing=0 (Boots in permissive Mode)
>> selinux=0 (Boots with SELinux disabled, will cause a relabel to happen
>> next time you boot with SELinux enabled)
>> autorelabel=1 (Does the same thing as touch /.autorelabel; reboot)
>>     
>
> Thanks.  How about adding that last one to
> <http://danwalsh/livehournal.com/3144.html> ?
>   
I just posted a new blog entry.




More information about the users mailing list