After installed SELinux system is stuck and not booting

boot selinux

There's a permanent fix for it, You'll just need to press shift to boot in recovery mode then go to terminal then put disabled=1 then resume booting without a restart then go to /etc/selinux then go to the config file then default choice turn selinux=enforcing to selinux=disabled... There u go uve got ur machine booting again!


I've had a similar problem. In order to boot the machine, I stopped GRUB and edited the Ubuntu boot entry (press e) and removed SELinux temporarily from the boot arguments, just as explained by @poige in his answer.

Since AppArmor and SELinux conflict, I suggest this procedure to disable apparmor and install more SELinux packages:

  1. Remove apparmor from your system

    sudo systemctl stop apparmor
sudo apt remove apparmor                   # I guess you could also just disable the service
sudo apt update && sudo apt upgrade -yuf   # (optional) this is just to update your system without prompts

    • Optional: You can purge apparmor later if you think you won't need it in the future:

      sudo apt purge apparmor

  2. Reboot (if you get stuck in boot again, edit the GRUB entry to boot)

  3. Install SELinux with some auxiliary packages:

    sudo apt install selinux selinux-utils selinux-basics auditd audispd-plugins
sudo sestatus           # SELinux should be disabled now
sudo reboot
    • Note: After rebooting your system, SELinux should be enabled, but in permissive mode. Permissive mode means any actions that would have been disallowed are allowed, but logged in your system’s audit log located in the /var/log/audit/audit.log file.

  4. After reboot, check that selinux is installed:

    $ sudo sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             default
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     requested (insecure)
Max kernel policy version:      31

Now you should be able play with SELinux and change its settings to get your desired level of security. More info about this in Installing SELinux on Ubuntu 18.04.


Bad thing is Ubuntu is a bad choice for playing with SELinux — they pet Apparmor instead (which isn't up to SELinux' level with quite different approach, but that's another story).

The issue you've run into is easy to fix (that was good thing part):

  • During boot you'd need to get to GRUB's menu and edit kernel's parameter which enforces use of SELinux: selinux=1.
  • Unset it with …=0 (IOW, replacing 1 with 0) and proceed with booting then.

At this point the system should be successfully booted but it's not all done yet.

— It's time to put long-term fix. May be uninstall SELinux? :) It might still be not enough though. Checkout /etc/default/grub with an sudo …YourEditor… and if you'd see there

GRUB_CMDLINE_LINUX_DEFAULT="security=selinux selinux=1"

cut it down to empty string after assignment: …LT=""

then sudo update-grub to re-generate GRUB's config.

Related

Numlock always ON
What is difference between ubuntu 18 and 20? [closed]
tethering iphone 6s and ubuntu 20.04 - not working
Import a certificate in Evolution mail client
Help me with making macOS USB on Ubuntu?
Copy everything but ignore something [duplicate]
Cannot run mysql after update to 20.04
What's the difference in use between a strikethrough and an epanorthosis?
The Information Age and Industrial Revolution "were similar" or "are similar"?
Why the construction "They it was who..." is grammatically correct?
wonder if/whether (negative clause)
Is "manifold" as meaning "rightfully so-called for many reasons" used only with pejoratives?