
I enabled SELinux to make some tests (with enforcing) and now my AWS instance is unable to boot. From the instance screenshot I see that it can't start some services like login.

How can I recover the instance?

Here is a screenshot of the errors.

Seba

1 Answer


It looks like none of your files have SELinux labels.

You should first set SELinux to permissive. You will need to start a new instance and attach your existing instance's EBS volume to it to make this change and allow you to boot it again.

After you boot the system with SELinux in permissive mode, you can relabel all your files with `restorecon -rv /`, then finally you can reboot in enforcing mode.


For future reference you should never set SELinux to disabled. If you must "disable" it for something, you should either set SELinux to permissive, or set a single SELinux domain to permissive (for a single service).

Michael Hampton
  • You can usually also `touch /.autorelabel` to force relabelling on subsequent boot. – bodgit Mar 20 '19 at 15:59
  • @bodgit Because EC2 doesn't provide live access to the VM console, I prefer to do this manually. – Michael Hampton Mar 20 '19 at 16:02
  • The current app doesn't have SELinux enabled, so when I set up the AWS I disabled it and set up the same machine there, but now we want to enable it, so I was trying to make some tests. Basically, if I want to enable it on the live server, I need to set `permissive`, use `restorecon -rv /` and then use `enforcing`, right? – Seba Mar 21 '19 at 08:16
  • @Sebastiano That's correct. – Michael Hampton Mar 21 '19 at 13:54
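
The offline config edit described in the answer above, as an added example that is not part of the original thread: it switches the mode in `/etc/selinux/config` on a root filesystem mounted from a rescue instance and refuses `disabled`, in line with the answer's advice. The function names and the `/mnt/rescue` mount point are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example. Assumes the broken instance's EBS volume is already attached
# to a rescue instance and mounted; /mnt/rescue is a hypothetical mount point.

# set_selinux_mode ROOT MODE: rewrite the SELINUX= line in ROOT/etc/selinux/config
set_selinux_mode() {
    local root=$1 mode=$2
    local cfg="$root/etc/selinux/config"

    case "$mode" in
        enforcing|permissive) ;;
        *) echo "refusing mode '$mode' (use enforcing or permissive)" >&2
           return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no SELinux config at $cfg" >&2; return 1; }

    cp -p "$cfg" "$cfg.bak" || return 1   # keep a copy to roll back to
    if grep -qE '^[[:space:]]*SELINUX=' "$cfg.bak"; then
        # Rewrite in place (same inode, owner and mode). Only the SELINUX=
        # line changes; SELINUXTYPE= and comment lines do not match.
        sed -E "s/^[[:space:]]*SELINUX=.*/SELINUX=$mode/" "$cfg.bak" > "$cfg"
    else
        printf 'SELINUX=%s\n' "$mode" >> "$cfg"
    fi
}

# current_selinux_mode ROOT: print the mode configured under ROOT
current_selinux_mode() {
    sed -n -E 's/^[[:space:]]*SELINUX=([a-z]+).*/\1/p' \
        "$1/etc/selinux/config" | tail -n 1
}

# Optional, per the comment thread: request a full relabel on the next boot
request_autorelabel() { touch "$1/.autorelabel"; }

# On the rescue instance:
#   set_selinux_mode /mnt/rescue permissive
# After the original instance boots again in permissive mode:
#   restorecon -rv / && set_selinux_mode / enforcing && reboot
```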