Package: policycoreutils Version: 2.8-1 Severity: normal Tags: upstream If /.autorelabel exists and the system can't mount the root filesystem rw then it will enter a boot loop and never recover. The only recovery from such a situation is to boot with selinux=0 on the kernel command line, fix the problem that made it mount root ro, and then boot normally.
Also there should probably be a noautorelabel kernel command-line option. -- System Information: Debian Release: buster/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Enforcing - Policy name: default Versions of packages policycoreutils depends on: ii libaudit1 1:2.8.4-2 ii libc6 2.28-6 ii libselinux1 2.8-1+b1 ii libsemanage1 2.8-2 ii libsepol1 2.8-1 ii lsb-base 10.2018112800 ii selinux-utils 2.8-1+b1 policycoreutils recommends no packages. policycoreutils suggests no packages. -- no debconf information _______________________________________________ SELinux-devel mailing list SELinux-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/selinux-devel