[DSE-Dev] Bug#922448: policycoreutils: /etc/init.d/selinux-autorelabel should run "sulogin $CONSOLE" if / is read-only
Russell Coker
russell at coker.com.au
Sat Feb 16 08:35:25 GMT 2019
Package: policycoreutils
Version: 2.8-1
Severity: normal
Tags: upstream
If /.autorelabel exists and the system can't mount the root filesystem rw then
it will enter a boot loop and never recover. The only recovery from such a
situation is to boot with selinux=0 on the kernel command line, fix the problem
that made it mount root ro, and then boot normally.
Also there should probably be a noautorelabel kernel command-line option.
-- System Information:
Debian Release: buster/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default
Versions of packages policycoreutils depends on:
ii libaudit1 1:2.8.4-2
ii libc6 2.28-6
ii libselinux1 2.8-1+b1
ii libsemanage1 2.8-2
ii libsepol1 2.8-1
ii lsb-base 10.2018112800
ii selinux-utils 2.8-1+b1
policycoreutils recommends no packages.
policycoreutils suggests no packages.
-- no debconf information
More information about the SELinux-devel
mailing list