Altering SELinux kills CentOS7?

Support for security such as Firewalls and securing linux
Post Reply
wolfr1
Posts: 15
Joined: 2012/03/21 17:09:50

Altering SELinux kills CentOS7?

Post by wolfr1 » 2014/08/05 19:39:12

Fresh CentOS7 install on a Hyper-V VM. I can successfully install and work without apparent issues except when I set selinux to either disabled or permissive in the /etc/sysconfig/selinux file. When I change from targeted to anything else CentOS7 hangs on reboot.

Is there something new that I'm missing? This used to work without errors.

User avatar
vonskippy
Posts: 839
Joined: 2006/12/30 03:00:04
Location: Western Slope Colorado

Re: Altering SELinux kills CentOS7?

Post by vonskippy » 2014/08/05 20:01:58

For the 2.5^15th time :: Better Details = Better Answers

wolfr1
Posts: 15
Joined: 2012/03/21 17:09:50

Re: Altering SELinux kills CentOS7?

Post by wolfr1 » 2014/08/05 20:34:42

That is essentially what I'm doing. I've tried it both ways and I always get a hang on boot at "Reached target Initrd Default Target."

wolfr1
Posts: 15
Joined: 2012/03/21 17:09:50

Re: Altering SELinux kills CentOS7?

Post by wolfr1 » 2014/08/06 15:09:26

Ok yeah... so I was screwing this one up by editing the wrong line in that file.

JohnathanSmith1969
Posts: 16
Joined: 2014/10/09 00:55:55

Re: Altering SELinux kills CentOS7?

Post by JohnathanSmith1969 » 2014/10/09 12:58:23

i have the same issue.. how do you get it after t hangs... please help me I need to get into this box

calebs71
Posts: 1
Joined: 2016/03/08 17:37:00

Re: Altering SELinux kills CentOS7?

Post by calebs71 » 2016/03/08 18:09:46

I've just run into a seemingly identical issue on RHEL 7.1. Blog post on it is at http://calebs71.blogspot.com/2016/03/se ... hel-7.html but in summary the system was refusing to relabel and hanging at "Reached Target initrd Default Target" and it was caused by SELinux. On top of that if I tried to force a relabel using

Code: Select all

touch /.autorelabel
or

Code: Select all

fixfiles onboot
neither even attempted to relabel the filesystem.

The fix is very odd but appears to have worked.
1. Modify GRUB to include "enforcing=0" to allow the OS to boot this first time without SELinuxq
2. Once inside the OS make sure that /etc/selinux/config is set to enforcing
3. Change the default runlevel from graphical to multi-user (think runlevel 3) with "systemctl set-default multi-user.target"
4. Reboot without modifying GRUB so that selinux is properly enabled on this boot

On the next reboot oddly enough the system recognized that a relabel had been ordered and proceeded as it should have the whole time. After another reboot and setting the default target back to graphical "systemctl set-default graphical.target" and another reboot as a sanity check it's working as expected again. Very odd problem and I must admit a very odd solution....
Hope that helps,
Caleb

User avatar
TrevorH
Forum Moderator
Posts: 27414
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Altering SELinux kills CentOS7?

Post by TrevorH » 2016/03/08 18:37:40

A relabel should always be done in permissive mode.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
CentOS 5 has been EOL for nearly 3 years and should no longer be used for anything!
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 7 - Security Support”