Daniel J Walsh <dwalsh <at> redhat.com> writes:
... SELinux relabeling is caused by booting a rescue mode kernel. As soon as you boot a system with SELinux disabled, the init system creates the /.autorelabel file, so the next time it boots with SELinux it will relabel.
Question: Are you not setting yourself up for trouble with this /.autorelabel here ?
Case: - I disable selinux # cat /etc/sysconfig/selinux ... SELINUX=disabled - I reboot the system, - /.autorelabel created by sys init, - I enable selinux again, - I reboot with intention to boot rescue mode kernel (obviously because I assume there is some problem to fix; it would make sense to boot to the same system state that caused me to want it have investigated or fixed, without e.g. any potential interruption or fs changes, perhaps from selinux doing relabeling), - Selinux jumps in with relabeling (potential interference/change to system state as described above, it may not even finish its job, and so I am stuck and unable to fix the system, now and possibly on next attempt as well).
Do you see a problem here ?
JB