Ask Your Question
0

Emergency Mode when SELinux is enforcing since upgrade to F24

asked 2016-07-03 10:03:50 -0600

fat-lobyte gravatar image

updated 2016-07-04 09:54:52 -0600

Hi!

Since the upgrade, if SELinux is set to enforcing, bootup failed and I am greeted with

Welcome to emergency mode

Where I get to enter my root password.

If I set SELinux to permissive (either by setting /etc/selinux/config SELINUX=permissive or by adding enforcing=0 to the kernel command line), the boot succeeds.

Here is the journal and the audit.log of a boot in permissive mode (boot succeeds):

Here is the journal and the audit.log of a boot in enforcing mode (boot fails):

Does anyone know how to get SELinux to not break my boot?

Edit: This has been solved, please check my answer

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2016-07-04 09:53:22 -0600

fat-lobyte gravatar image

I solved my issue, and it was fairly simple. To fix it, in emergency mode, run the following command:

restorecon -R -v /boot/efi/

Note that this has to be done in emergency mode, because when the boot completes successfully, the context for the /boot/efi directory is masked by the systemd-automount as dosfs_t or automount_t and any changes will be ignored.

The original problem was that the directory was created manually, and had its context set to unconfined_u:object_r:unlabeled_t:s0

This is incorrect, and resetting the context back to system_u:object_r:boot_t:s0 fixes the problem.

edit flag offensive delete link more
add a comment
0

answered 2016-08-25 08:24:58 -0600

mjbright gravatar image

I have a similar problem (after a dnf upgrade, on a running F24 system).

Booting takes me to emergency_mode but I can't login as "/bin/bash: Permission Denied".

If I disable selinux I can boot OK.

So is there a way I can boot from live USB and apply restorecon to my root partition? Any other idea?

edit flag offensive delete link more

Comments

Add enforcing=0 and autorelabel=1 to the boot command line.

ssieb gravatar imagessieb ( 2016-09-02 15:09:52 -0600 )edit
add a comment

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-07-03 10:03:50 -0600

Seen: 551 times

Last updated: Jul 04 '16

Related questions

Upgrade fedora from 23 to 24 mjpeg

How to rescue my Fedora installation?

Fedora24 KDE login problems

VirtualBox 5.0.16 guest addition in Fedora 24 4.6.3

How do I upgrade to Fedora21 from Fedora10?

Samba fedora 23 server

fedora24 3840x2160

Grub2 dual boot with seperate drives [closed]

Missing operating system

How to configure Suexec under Selinux for PHP FCGI?

Ask Fedora is community maintained and Red Hat or Fedora Project is not responsible for content. Content on this site is licensed under a CC-BY-SA 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2