At some point of my regular yum updates, I noticed there was no swapspace being mounted at boot time. I was however able to manually mount it after booting via, `swapon -a`.
The failure was caused due to SELinux policy and "/etc/fstab" file context settings. I was getting the below message in my logs:
Sep 17 12:12:36 localhost kernel: audit(1158509512.509:51): avc: denied { read } for pid=1429 comm="swapon" name="fstab" dev=dm-0 ino=899639 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:fil e_t:s0 tclass=file
I found my solution in the SELinux FAQ
A:
Policy reloads itself when the package is updated. This behavior replaces the manual make load.In certain situations, you may need to relabel the file system. This might occur as part of an SELinux bug fix where file contexts become invalid, or when the policy update makes changes to the file /etc/selinux/targeted/contexts
/files/file_contexts. After the file system is relabeled, a reboot is not required, but is useful in ensuring every process and program is running in the proper domain. This is highly dependent on the changes in the updated policy.
To relabel, you have several options. You may use the fixfiles command:
fixfiles relabel rebootAlternately, use the /.autorelabel mechanism:
touch /.autorelabel reboot
As stated above I used the second method of doing an autorelable at the next boot by creating an empty "/.autorelabel" file and a `reboot`.
- sandip's blog
- Login or register to post comments