Description of problem: Boot sequence appears to hang during SELinux relabel operation. Version-Release number of selected component (if applicable): Red Hat Enterprise Linux AS release 4 (Nahant Update 5) How reproducible: touch /.autorelabel reboot Actual results: Boot sequence stops here: *** Warning -- SELinux relabel is required. *** *** Disabling security enforcement. *** *** Relabeling could take a very long time, *** *** depending on file system size. *** Expected results: Boot sequence continues after relabel is complete. Additional info: Apparent cause is: fixfiles command was broken in policycoreutils-1.18.1-4.12 The file /etc/rc.sysinit contains this: /sbin/fixfiles -F relabel > /dev/null 2>&1 Behavior of fixfiles per man page says -F skips prompting for removal of /tmp files. However, fixfiles from policycoreutils-1.18.1-4.12 prompts regardless if -F switch is used. This probably causes the apparent boot hang, as rc.sysinit is waiting at: /sbin/fixfiles -F relabel > /dev/null 2>&1 The fixfiles -F switch worked as expected in policycoreutils-1.18.1-4.9
By adding the fallback to use /sbin/restorecon if /usr/sbin/setfiles is not available, the "exit $?" statement has been removed from the end of the restore() function within /sbin/fixfiles. This causes fixfiles to continue execution after it actually finished relabeling.
We have not seen this in house although the exit $? is definitely removed. Does this only happen with a separate /usr partiition?
If you add back in the exit $? does it work?
(In reply to comment #2) > We have not seen this in house although the exit $? is definitely removed. > > Does this only happen with a separate /usr partiition? No, this happens always, regardless whether /usr is on a local partition or mounted remotely later during the boot process. In any case fixfiles continues execution prompts the user after the file security contexts have been restored using either setfiles or restorecon. (In reply to comment #3) > If you add back in the exit $? does it work? Yes.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
*** This bug has been marked as a duplicate of 244636 ***