Description of problem: FC4 box, booted a non SELinux kernel on it for testing stuff. I then booted back into FC4. It rudely and without asking announced it was going to waste half an hour of my time relabelling the disk unneccessarily. To add insult to injury the system then reported "Permission denied" whenever I tried to log in. If I boot with selinux=0 it is happy so the permission errors are coming from SELinux having broken the system.
What avc messages did you see when you tried to login? If you boot with enforcing=0 you can still log in and the AVC message will still be recorded. The reason it tried to relabel was that it has no idea what files were created during the period when you were running without SELinux enabled. So it needs to clean up. I know of know other way of doing this. Of course if the system is still hosed after you relabel, that is a major bug. Dan
It also has no idea if the policy relabelling will produce the correct result for moved files, so to do it without asking is rude. Ok the only thing I saw with selinux on was "permission denied". I'll go try and repeat the mess now. Ok went through the cause a relabel cycle again and this time its decided to be annoying by working perfectly. No idea what has changed.
This was fixed post-FC4 to reboot after relabeling; otherwise, you could end up in the state where it relabeled, but since init, udev, etc. was done pre-relabel, the contexts on your devices for login wouldn't be correct. (As I understand it.)