SLE Micro - SELinux Relabeling Service runs at every reboot
This document (000020773) is provided subject to the disclaimer at the end of this document.
Environment
Situation
slem:~ # cat /sys/kernel/security/lsm lockdown,capability,selinux
slem:~ # systemd-analyze blame 31.541s \x2esnapshots-relabel.service 18.241s wicked.service ..initrd detects a labeled system but disabled SELinux:
Sep 19 13:35:09 slem systemd[1]: Starting dracut pre-pivot and cleanup hook... Sep 19 13:35:09 slem dracut-pre-pivot[435]: Warning: SElinux is off in lablelled system!SELinux itself thinks it is enabled, so the selinux-relabel-generator runs
Sep 19 13:35:12 slem root[472]: SELinux relabel generator: selinux is enabled Sep 19 13:35:12 slem root[473]: SELinux relabel generator: /etc/selinux/.autorelabel exist
Sep 19 13:35:13 slem systemd[1]: Successfully loaded SELinux policy in 2.093083s. Sep 19 13:35:13 slem systemd[1]: Relabelled /dev, /dev/shm, /run, /sys/fs/cgroup in 106.786ms.
Resolution
GRUB_CMDLINE_LINUX_DEFAULT="splash=silent swapaccount=1 apparmor=0 mitigations=auto quiet crashkernel=195M,high crashkernel=72M,low security=selinux selinux=1"
2) run:
transactional-update grub.cfg3) reboot
Cause
Sep 19 13:35:06 slem kernel: Command line: BOOT_IMAGE=/boot/vmlinuz-5.3.18-150300.59.93-default root=UUID=d14ddd02-01f3-4910-b9ff-bf38d1684a64 rd.timeout=60 splash=silent swapaccount=1 apparmor=0 mitigations=auto quiet crashkernel=195M,high crashkernel=72M,low security=selinux
Additional Information
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020773
- Creation Date: 20-Sep-2022
- Modified Date:20-Sep-2022
-
- SUSE Linux Enterprise Micro
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com