The root cause of this error is that the policy file is corrupted or empty. After turning on SELinux, the system is unable to boot. The screen displays the following messages and the booting process does not continue.
[ OK ] Reached target Switch Root. Starting Switch Root… [!!!!!!] Failed to load SELinux policy, freezingUserspace SELinux utilities report errors like below.
<module>:ValueError: Failed to read //etc/selinux/targeted/policy/policy.31 policy fileRebuild the policy’s binary representation, restore the selinux policy package, or restore the policy from a backup.
Option 1: Use backups
Archive the SELinux store available in the /etc/selinux/targeted directory. # mv /etc/selinux/targeted /root/selinux-targeted-archive and restore content of this directory from backups. Backup and restore process is not covered by this article.Option 2: Rebuild the policy
Archive or remove the policy file and run semodule -B to force the policy rebuild.
# rm /etc/selinux/targeted/policy/policy.31 # semodule -BOption 3: Reinsall the policy package
Save important parts of SELinux configuration.
# semanage export -f /root/semanage-export # semodule -lfull > /root/semodule-listand possibly all other changes which should be kept for reusing. Archive the SELinux store in the /etc/selinux/targeted directory.
# mv /etc/selinux/targeted /root/selinux-targeted-archive # yum reinstall selinux-policy-targetedApply the changes you saved: For policy configuration, look over the semanage-export file’s contents and execute.
# semanage import -f /root/semanage-exportYou must locate the file representation of modified or custom selinux policy modules from the moment of their creation, or you must recreate them based on audit log data.
Apply all additional changes required to get to the previous configuration state.
