SELinux writes “invalid argument” after setting permissive mode

I’ve recently upgraded my Fedora 32 Server on my server and used this guide to mirror my system drives. This works totally fine, but in step 9 I had to disable SELinux.
The only differences I took is:

  • instead of GPT I had to use MBR
  • instead of naming the system raid “root”, I named it “sys”

Now I just wanted to turn it on again (permissive mode – just in case), relabeled the filesystem with $ touch /.autorelabel ; reboot and waited. After another restart, my system is nearly broken.

I seems to run in single-user mode, no network. Inspecting my system tells me:

$ getenforce
permissive

$ ls -lZd /*
lrwxrwxrwx.   1 root root  ?                                        7 Jan 28 19:30 /bin -> usr/bin
dr-xr-xr-x.   6 root root  system_u:object_r:boot_t:s0           1024 Jun 27 07:50 /boot
drwxr-xr-x.  20 root root  system_u:object_r:device_t:s0         4460 Jun 28 16:18 /dev
drwxr-xr-x. 105 root root  system_u:object_r:etc_t:s0           12288 Jun 28 21:18 /etc
drwxr-xr-x.   2 root root  system_u:object_r:home_root_t:s0      4096 Jun 28 19:30 /home
lrwxrwxrwx.   1 root root  ?                                        7 Jun 28 19:30 /lib -> usr/lib
lrwxrwxrwx.   1 root root  ?                                        9 Jun 28 19:30 /lib64 -> usr/lib64
drwx------.   2 root root  ?                                    16384 Jun 21 2016  /lost+found
drwxr-xr-x.   2 root root  ?                                     4096 Jun 28 19:30 /media
drwxr-xr-x.   2 root root  ?                                     4096 Jun 28 19:30 /mnt
drwxr-xr-x.   3 root root  ?                                     4096 Jun 21 19:30 /opt
dr-xr-xr-x. 158 root root  system_u:object_r:proc_t:s0              0 Jun 28 2020  /proc
dr-xr-x---.   4 root root  ?                                     4096 Jun 28 19:30 /root
drwxr-xr-x.  32 root root  system_u:object_r:var_run_t:s0        1540 Jun 28 15:48 /run
lrwxrwxrwx.   1 root root  ?                                        8 Jun 28 19:30 /sbin -> usr/sbin
drwxr-xr-x.   2 root root  system_u:object_r:var_t:s0            4096 Jun 28 19:30 /srv
dr-xr-xr-x.  13 root root  system_u:object_r:sysfs_t:s0             0 Jun 28 15:48 /sys
drwxrwxrwt.   8 root root  system_u:object_r:tmp_t:s0             440 Jun 28 16:46 /tmp
drwxr-xr-x.  12 root root  ?                                     4096 Jun 21 12:39 /usr
drwxr-xr-x.  21 root root  system_u:object_r:var_t:s0            4096 Jun 21 13:37 /var

$ ausearch -m AVC,USER_AVC,SELINUX_ERR -ts today
tells me a lot about "USER_AVC" denied {status} and tcontext=unlabeld and so on
if relevant, I'll try to exactly re-type them here (single-user mode)

What me really bothers, I do not understand why there are “?” (question marks) instead of labels.
Any hints on how to repair this? I really want to use SELinux, but I can’t understand whats going on here. Any help is welcome.

Go to Source
Author: Michael Hirschler