I restored a whole filesystem from a backup using rdiff-backup and made it bootable from a modified CentOS 5 CD ROM.
All works well except all the files have SeLinux context of
root:object_r:file_t:s0
I tried rebooting with .autorelable and it seems to take no time and reboots immediately after starting. After, there is no change in the contexts of the files.
I also tried fixfiles and restorecon with and without selinux enabled and in all cases it takes no time and returns no error code i.e. it does nothing. Nothing in the system log either.
How do I get my filesystem back in shape for SeLi nux?
[SOLVED] restorecon and /.autorelabel have no effect and take no time
Re: restorecon and /.autorelabel have no effect and take no time
/.autorelable or /.autorelabel? Your subject and message body have different spellings and the one in the subject will do something and the one in the body will be ignored.
If you are using /.autorelabel then is selinux in enforcing, permissive or disabled mode? From reading /etc/rc.sysinit it seems that if /sbin/init it wrongly labelled then you will need to use /.autorelabel twice, once to set /sbin/init to the right label followed by a reboot to really relabel things.
I don't think you can relabel with selinux disabled, it's most likely to work in permissive mode.
If you are using /.autorelabel then is selinux in enforcing, permissive or disabled mode? From reading /etc/rc.sysinit it seems that if /sbin/init it wrongly labelled then you will need to use /.autorelabel twice, once to set /sbin/init to the right label followed by a reboot to really relabel things.
I don't think you can relabel with selinux disabled, it's most likely to work in permissive mode.
Re: restorecon and /.autorelabel have no effect and take no time
Thanks.
I think the problem was with /sbin/init. I did spell autorelabel correctly (except in my post) and it was deleted on boot. Probably all I needed to do was run it again.
I eventually solved the problem by recovering the backup with selinux disabled and backing up with full extended attribute information, which rdiff-backup can do when it finds the pyxattr module. Then there is nothing left to relabel when I reboot as it is all intact.
I think the problem was with /sbin/init. I did spell autorelabel correctly (except in my post) and it was deleted on boot. Probably all I needed to do was run it again.
I eventually solved the problem by recovering the backup with selinux disabled and backing up with full extended attribute information, which rdiff-backup can do when it finds the pyxattr module. Then there is nothing left to relabel when I reboot as it is all intact.
- AlanBartlett
- Forum Moderator
- Posts: 9345
- Joined: 2007/10/22 11:30:09
- Location: ~/Earth/UK/England/Suffolk
- Contact:
Re: [SOLVED] restorecon and /.autorelabel have no effect and take no time
Thank you for reporting back.
For posterity, this thread is marked [SOLVED].
For posterity, this thread is marked [SOLVED].