I had some weird labelling problems on machine which was upgraded from F11 to rawhide recently. So I have disabled SELinux, and removed the selinux-policy and selinux-policy-targeted packages. Then after reboot I've reinstalled the packages again, touched /.autorelabel, set SELinux to permissive in /etc/selinux/, and rebooted the system again. Unfortunately after the reboot the SELinux stays disabled and there is nothing in log files except SELinux: Initializing. SELinux: Starting in permissive mode SELinux: Registering netfilter hooks. I found that selinuxfs is not mounted on /selinux mountpoint. There is no selinux=0 on grub kernel command line.
vi /etc/selinux/config change disabeled to enabled.
I of course have SELINUX=permissive in /etc/selinux/config (there is no disabled in /etc/selinux/config at all) I've tried also setting SELINUX=enabled in the config file + reboot but it does not help anyway. I suspect it is caused by the changes to the initrd with change from mkinitrd to dracut.
THen we will blame it on dracut. :^)
ok, please install dracut-001-6.gitf5c4374d.fc12 from http://koji.fedoraproject.org/koji/buildinfo?buildID=131035 on your system and recreate initrd-generic with dracut (like with mkinitrd) # dracut -f \ /boot/initrd-generic-2.6.31-0.174.rc7.git2.fc12.x86_64.img \ 2.6.31-0.174.rc7.git2.fc12.x86_64
sry, of course with the correct version # dracut -f /boot/initrd-generic-$(uname -r).img $(uname -r)
Unfortunately I am unable to boot with initrd created by the command above - it panics because it cannot find root device on LVM volume. This was output during the dracut run: dracut -f /boot/initrd-generic-2.6.31-0.190.rc8.fc12.x86_64.img 2.6.31-0.190.rc8.fc12.x86_64 W: Possible missing firmware aic94xx-seq.fw for module aic94xx.ko W: Possible missing firmware ql8100_fw.bin for module qla2xxx.ko W: Possible missing firmware ql2500_fw.bin for module qla2xxx.ko W: Possible missing firmware ql2400_fw.bin for module qla2xxx.ko W: Possible missing firmware ql2322_fw.bin for module qla2xxx.ko W: Possible missing firmware ql2300_fw.bin for module qla2xxx.ko W: Possible missing firmware ql2200_fw.bin for module qla2xxx.ko W: Possible missing firmware ql2100_fw.bin for module qla2xxx.ko ln: creating symbolic link `/tmp/initramfs.fEVu6Kbin/reboot': No such file or directory 60390 blocks
do you have /usr on a separate partition?
if yes, then this is related to bug 521932
No. The only separate partition is /boot which is on /dev/sda1. The root is on LVM volume.
does: # /usr/sbin/load_policy -i && echo OK work?
ok, symlink /etc/sysconfig/selinux to /etc/config/selinux was missing and also bug 522486 happened. Will add code to honor /etc/config/selinux also.