The root cause of this error is that the policy file is corrupted or empty. After turning on SELinux, the system is unable to boot. The screen displays the following messages and the booting process does not continue.
[ OK ] Reached target Switch Root. Starting Switch Root... [!!!!!!] Failed to load SELinux policy, freezing
Userspace SELinux utilities report errors like below.
<module>:ValueError: Failed to read //etc/selinux/targeted/policy/policy.31 policy file
Rebuild the policy's binary representation, restore the selinux policy package, or restore the policy from a backup.
Option 1: Use backups
# mv /etc/selinux/targeted /root/selinux-targeted-archive
Option 2: Rebuild the policy
Archive or remove the policy file and run semodule -B to force the policy rebuild.
# rm /etc/selinux/targeted/policy/policy.31 # semodule -B
Option 3: Reinsall the policy package
Save important parts of SELinux configuration.
# semanage export -f /root/semanage-export # semodule -lfull > /root/semodule-list
and possibly all other changes which should be kept for reusing. Archive the SELinux store in the /etc/selinux/targeted directory.
# mv /etc/selinux/targeted /root/selinux-targeted-archive # yum reinstall selinux-policy-targeted
Apply the changes you saved: For policy configuration, look over the semanage-export file's contents and execute.
# semanage import -f /root/semanage-export
You must locate the file representation of modified or custom selinux policy modules from the moment of their creation, or you must recreate them based on audit log data.
Apply all additional changes required to get to the previous configuration state.
All options
# ls -l /etc/selinux/targeted/policy -rw-r--r--. 1 root root 3726576 Oct 1 12:34 /etc/selinux/targeted/policy/policy.31
