Red Hat Bugzilla – Bug 239562
boot sequence hangs at selinux relabel operation
Last modified: 2007-11-16 20:14:55 EST
Description of problem:
Boot sequence appears to hang during SELinux relabel operation.
Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux AS release 4 (Nahant Update 5)
Boot sequence stops here:
*** Warning -- SELinux relabel is required. ***
*** Disabling security enforcement. ***
*** Relabeling could take a very long time, ***
*** depending on file system size. ***
Boot sequence continues after relabel is complete.
Apparent cause is: fixfiles command was broken in policycoreutils-1.18.1-4.12
The file /etc/rc.sysinit contains this:
/sbin/fixfiles -F relabel > /dev/null 2>&1
Behavior of fixfiles per man page says -F skips prompting for removal of /tmp
files. However, fixfiles from policycoreutils-1.18.1-4.12 prompts regardless
if -F switch is used. This probably causes the apparent boot hang, as rc.sysinit
is waiting at: /sbin/fixfiles -F relabel > /dev/null 2>&1
The fixfiles -F switch worked as expected in policycoreutils-1.18.1-4.9
By adding the fallback to use /sbin/restorecon if /usr/sbin/setfiles is not
available, the "exit $?" statement has been removed from the end of the
restore() function within /sbin/fixfiles. This causes fixfiles to continue
execution after it actually finished relabeling.
We have not seen this in house although the exit $? is definitely removed.
Does this only happen with a separate /usr partiition?
If you add back in the exit $? does it work?
(In reply to comment #2)
> We have not seen this in house although the exit $? is definitely removed.
> Does this only happen with a separate /usr partiition?
No, this happens always, regardless whether /usr is on a local partition or
mounted remotely later during the boot process. In any case fixfiles continues
execution prompts the user after the file security contexts have been restored
using either setfiles or restorecon.
(In reply to comment #3)
> If you add back in the exit $? does it work?
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
*** This bug has been marked as a duplicate of 244636 ***