Home / Failed to load SELinux policy, freezing: System cannot boot

Failed to load SELinux policy, freezing: System cannot boot

The root cause of this error is that the policy file is corrupted or empty. After turning on SELinux, the system is unable to boot. The screen displays the following messages and the booting process does not continue.

[ OK ] Reached target Switch Root.
Starting Switch Root...
[!!!!!!] Failed to load SELinux policy, freezing

Userspace SELinux utilities report errors like below.

<module>:ValueError: Failed to read //etc/selinux/targeted/policy/policy.31 policy file

Rebuild the policy's binary representation, restore the selinux policy package, or restore the policy from a backup.

Option 1: Use backups

Archive the SELinux store available in the /etc/selinux/targeted directory.
# mv /etc/selinux/targeted /root/selinux-targeted-archive
and restore content of this directory from backups. Backup and restore process is not covered by this article.

Option 2: Rebuild the policy

Archive or remove the policy file and run semodule -B to force the policy rebuild.

 # rm /etc/selinux/targeted/policy/policy.31
# semodule -B

Option 3: Reinsall the policy package

Save important parts of SELinux configuration.

 # semanage export -f /root/semanage-export
# semodule -lfull > /root/semodule-list

and possibly all other changes which should be kept for reusing. Archive the SELinux store in the /etc/selinux/targeted directory.

 # mv /etc/selinux/targeted /root/selinux-targeted-archive
# yum reinstall selinux-policy-targeted

Apply the changes you saved: For policy configuration, look over the semanage-export file's contents and execute.

 # semanage import -f /root/semanage-export

You must locate the file representation of modified or custom selinux policy modules from the moment of their creation, or you must recreate them based on audit log data.

Apply all additional changes required to get to the previous configuration state.

All options

Verify the current policy file status and reboot the system with selinux enabled.
# ls -l /etc/selinux/targeted/policy
-rw-r--r--. 1 root root 3726576 Oct 1 12:34 /etc/selinux/targeted/policy/policy.31

Leave a Reply