Swap fails to mount at boot -- resolved!

At some point of my regular yum updates, I noticed there was no swapspace being mounted at boot time. I was however able to manually mount it after booting via, `swapon -a`.

The failure was caused due to SELinux policy and "/etc/fstab" file context settings. I was getting the below message in my logs:

Sep 17 12:12:36 localhost kernel: audit(1158509512.509:51): avc:  denied  
{ read } for  pid=1429 comm="swapon" name="fstab" dev=dm-0 ino=899639 
scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file

I found my solution in the SELinux FAQ


Q:
When I do an upgrade of the policy package (for example, using yum), what happens with the policy? Is it updated automatically?

A:
Policy reloads itself when the package is updated. This behavior replaces the manual make load.

In certain situations, you may need to relabel the file system. This might occur as part of an SELinux bug fix where file contexts become invalid, or when the policy update makes changes to the file /etc/selinux/targeted/contexts/files/file_contexts.

After the file system is relabeled, a reboot is not required, but is useful in ensuring every process and program is running in the proper domain. This is highly dependent on the changes in the updated policy.

To relabel, you have several options. You may use the fixfiles command:

fixfiles relabel
reboot

Alternately, use the /.autorelabel mechanism:

touch /.autorelabel
reboot

As stated above I used the second method of doing an autorelable at the next boot by creating an empty "/.autorelabel" file and a `reboot`.

Comment