[Arm-dev] SELinux relabeling looping

Robert Moskowitz rgm at htt-consult.com
Tue May 2 16:36:17 UTC 2017



On 05/02/2017 12:01 PM, Andreas Reschke wrote:
> Am 02.05.2017 um 17:52 schrieb Robert Moskowitz:
>> I am starting on a fresh install of the 1611 Cubietruck image.  This
>> time I am running on a Cubietruck, not a Cubieboard2.
>>
>> I have the cubietruck uboot on a mSD card and the image installed on a
>> Kingston 240Gb SSD drive.
>>
>> I boot up, log in with root with the default password.  All I do is
>> change /boot/extlinux/extlinux.conf with:
>>
>> sed -i -e "s/enforcing=0/enforcing=1/w /dev/stdout"
>> /boot/extlinux/extlinux.conf
>>
>> Note that https://wiki.centos.org/SpecialInterestGroup/AltArch/Arm32 is
>> wrong saying:
>>
>> If you want to switch to enforcing mode, you'll have so to first modify
>> the following files /etc/sysconfig/selinux : change from "permissive" to
>> "enforcing"
>>
>>    * rpi2/rpi3 : /boot/cmdline.txt: change "enforce=0" to "enforcing=1"
>>    * other image/board[s]: /boot/extlinux/extlinux.conf : change the
>>      "enforce=0" to "enforce=1"
>>
>>
>> It is enforcing=0 on the Cubietruck image.  Then:
>>
>> touch /.autorelabel
>>
>> and
>>
>> reboot
>>
>> I get the log message:
>>
>> [   18.453896] brcmfmac: brcmf_sdio_htclk: HT Avail timeout (1000000):
>> clkctl 0x50
>>
>> *** Warning -- SELinux targeted policy relabel is required.
>> *** Relabeling could take a very long time, depending on file
>> *** system size and speed of hard drives.
>> [   54.365478] random: nonblocking pool is initialized
>> Warning: Skipping the following R/O filesystems:
>> /sys/fs/cgroup
>>
>>
>> Then after some time, it goes through a shutdown, reboots and comes back
>> to this state.  Then reboots again.  I have tried this twice.
>>
>> Next I will try on my Cubieboard2, that I will have to take down from
>> its testing position for this test.  If it still fails, I will try a
>> HD.  These commands have worked for my on the C2 with a HD and a mSD
>> card.  I don't recall if I have tried them on a CT.
>>
>> But any thoughts are appreciated!
>>
>> thanks
> Hello Bob,
>
> I've have a running CentOS (update) on my Cubietruck with selinux enabled.
> SELINUX=enforcing in /etc/selinu/config
> and
> enforcing=1 in /boot/extlinux/extlinux.conf
>
> Greetings
> Andreas

I have been running for some time as well.  I just tested the SSD card 
on the C2 and it failed the same way.  I grabbed a 120Gb HD off my 
workbench and am now installing the base image to test it.  This will 
see if the problem is the SSD card.

What steps did you take, if you noted them down?  I am doing this 
WITHOUT expanding the partition sizes.  I want to have a base image that 
I can save for a checkpoint without taking up a lot of disk space.




More information about the Arm-dev mailing list