Hi,

SELinux hangs at boot with the following error:

[boot_time] audit: type=1400 audit(...): avc: denied {search} for pid=963 comm="init" name="/" dev="sdd2" ino=2 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:mnt_t tclass=dir permissive=0

After a while, pid changes to 1.

The setup is: Gentoo is on sdd2, ext4, no extra partitions for /boot /tmp. grub2 is installed to the MBR of sdd.

Fun fact (or where my knowledge of the boot process definitely ends): I installed Fedora on another drive, same setup, let's say sda2, and its grub to the MBR of sda. If I boot into Fedora from the sdd bootloader, I get the same error in Fedora's boot process (and get stuck); if I boot from sda, I don't.

I appreciate any help. Thanks

Reproducible: Always
Please try running 'rlpkg -ar' while in permissive mode and then rebooting, and see if this fixes the issue. Otherwise, I think we need some more information to help troubleshoot this. These are the things that are coming to mind right away:

1) Are you using an initramfs? If so, which?
2) What init system are you using?
3) What filesystems (if any) are mounted in /mnt? Are there any files you have there that might influence booting?

I suspect if you are using an initramfs then the SELinux policy is being loaded before init has a chance to re-exec itself (and thus run in the init_t domain). I also wonder why whatever directory init is searching is labeled mnt_t. I think it's most likely that the root directory of the root filesystem is incorrectly labeled, which could lead to this behavior. I also find it strange that you are able to reproduce this with a Fedora install, which tells me you might be doing something "exotic" in your installation in both cases.
Thank you! That fixed it. Relabeled the files, and removed folder /gentoo from /mnt/gentoo. After that it boots fine.

FYI: nothing exotic. OpenRC, with the initramfs "shipped by genkernel".

Thanks again for your help.
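
The denial quoted in the report can be triaged mechanically. The following Python sketch is an added example, not part of the thread and not Gentoo tooling: it parses the AVC line and flags the two conditions raised in the reply. The function names are hypothetical, and the expectation that the root directory carries the type root_t is an assumption based on the reference policy.

```python
import re
import shlex

# The denial as quoted in the report (elided fields left as posted).
SAMPLE = ('[boot_time] audit: type=1400 audit(...): avc: denied {search} for '
          'pid=963 comm="init" name="/" dev="sdd2" ino=2 '
          'scontext=system_u:system_r:kernel_t '
          'tcontext=system_u:object_r:mnt_t tclass=dir permissive=0')

ROOT_DIR_TYPE = 'root_t'  # assumption: reference-policy label for "/"


def parse_avc(line):
    """Return a dict for one 'avc: denied' message, or None if not one."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        return None
    rec = {'perms': m.group(1).split()}
    for tok in shlex.split(m.group(2)):      # shlex strips the quotes
        key, sep, val = tok.partition('=')
        if sep:
            rec[key] = val
    for side in ('scontext', 'tcontext'):    # user:role:type[:level]
        parts = rec.get(side, '').split(':')
        rec[side + '_type'] = parts[2] if len(parts) >= 3 else None
    return rec


def triage(rec):
    """Map a parsed denial to the checks discussed in the thread."""
    hints = []
    if rec.get('comm') == 'init' and rec['scontext_type'] == 'kernel_t':
        hints.append('init is still in kernel_t: policy was loaded before '
                     'init re-executed into init_t; check the initramfs')
    if (rec.get('tclass') == 'dir' and rec.get('name') == '/'
            and rec['tcontext_type'] != ROOT_DIR_TYPE):
        hints.append('root directory of %s is labeled %s, expected %s; '
                     'relabel in permissive mode'
                     % (rec.get('dev'), rec['tcontext_type'], ROOT_DIR_TYPE))
    if rec.get('permissive') == '0':
        hints.append('enforcing mode: the access was blocked, not only logged')
    return hints


if __name__ == '__main__':
    for hint in triage(parse_avc(SAMPLE)):
        print('-', hint)
```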