Bug 692602

Summary: systemd produces selinux error msg during boot, but selinux=disabled in my /etc/selinux/config
Product: [Fedora] Fedora Reporter: Joachim Backes <joachim.backes>
Component: systemdAssignee: Lennart Poettering <lpoetter>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 15CC: amcnabb, awilliam, ivenvd, johannbg, lpoetter, metherid, mschmidt, notting, plautrba
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-03-31 19:07:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joachim Backes 2011-03-31 16:48:40 UTC 
Description of problem:
after having updated to the most recent packages (including update to 
systemd-21-2.fc15.x86_64), I see a lot of SElinux error messages during 
boot:

Failed to load SElinux policy
Failed to set security context system_u:object_r:sysfs_t:s0 for /sys: 
Invalid argument
Failed to mount /sys/fs/cgroup/systemd: No such file or directory

The boot will not finish!

These messages appear repeatedly during boot.

What I find weird (and this is the reason for this bugzilla, not the systemd misbehaviour):

in my /etc/selinux/config I have selinux disabled:

--------------------------- snip ---------------------------------
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 
---------------------------snap -------------------------------------

Nevertheless this systemd pitfall blocks my system!
Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Andrew McNabb 2011-03-31 18:52:23 UTC 
When I upgraded my Fedora 15 Alpha system from systemd 20 to systemd 21, I encountered these same error messages. As in Joachim's case, I have selinux disabled.
Comment 2 Andrew McNabb 2011-03-31 19:00:29 UTC 
By the way, I tried booting with systemd.unit=rescue.target and sytsemd.unit=emergency.target, and the system hung at the selinux errors in both cases. Since it now appears to be impossible to boot the system by any means less drastic than init=/bin/sh, I think the severity of this issue is urgent. Is there any other information that would be helpful for this bug report?
Comment 3 Iven Hsu 2011-03-31 19:07:20 UTC 
I had the same issue with you, and I found a workaround, just set SELINUX=permissive in /etc/sysconfig/selinux.
Comment 4 Michal Schmidt 2011-03-31 19:07:47 UTC 
There seems to be a bug when SELinux is disabled via the config file. Try using "selinux=0" on the kernel command line.
Comment 5 Michal Schmidt 2011-03-31 19:07:58 UTC 

*** This bug has been marked as a duplicate of bug 692573 ***