Again, you're being far too vague. Can you login in text mode as root on the system console? Or are you trying to login to a desktop with a window manage, e.g. via xdm? These are completely different things. 1. Make sure you have the current and correct rpms installed, e.g. the mls policy. 2. Relabel everything again and make sure it completes without errors. 3. If you still can't login in text mode as root from the console, look at the specific causes listed in the auditd log. If you haven't already done so, I would suggest you become good friends with audit2allow, etc... HW On Thu, 27 Oct 2016 01:32:36 +0500 Kashif ali <kashif.ali.9498@xxxxxxxxx> wrote: > i am logging on local machine directly and if i put msl in permissive mode > it will just generate logs for the policy violation which is expected in > permissive but if i am unable to use mls in enforcing mode then it is quit > wrong behavior > > On Thu, Oct 27, 2016 at 1:27 AM, Harry Waddell <waddell@xxxxxxxxxxxxxxxx> > wrote: > > > On Wed, 26 Oct 2016 10:17:27 -0400 > > Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > > > > On 10/26/2016 03:47 AM, Kashif ali wrote: > > > > Hi > > > > Hope you're fine i know your busy but i need your little time if you > > > > can manage that will be great for me. > > > > i'm facing an issue in MLS Policy of Selinux when i relabel the system > > > > and reboot it it won't allow me to login(i'm signing in my machine ) i > > > > used these commands > > > > * set the selinux to enforcing > > > > * touch ./autorelabel for relabeling the system > > > > * and then reboot the system and it won't allow me to login > > > > > > > > Kindly help in this problem because i'm stuck in it for a while and it > > > > will be very greatful. Thanks > > > > > > Generally it is a good idea to first bring up the system in permissive > > > when switching to MLS, and check that there are no residual denials or > > > other SELinux errors that need to be addressed before putting it into > > > enforcing mode. We would need to see the actual error messages to help > > > debug further. And it would help to specify your specific distribution > > > and version. > > > > > > > Agreed. At this point, I think the only recourse for Kashif is to > > boot the system into rescue mode, e.g. using the install dvd, > > mount the filesystem, and edit the /etc/sysconfig/selinux file to > > change enforcing to permissive. > > > > Saying "it won't allow me to login" is too vague. Is "me" root? > > Is login from the console of via ssh? It could be that a boolean > > needs to be changed, but that's just speculation at this point. > > Once it's in permissive mode, hopefully the problem will be somewhat > > obvious. > > > > > > > > > > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.