What does /.autorelabel do when we reset the password in Red Hat?Does AIX really beat Red Hat Enterprise Linux?What version of Red Hat is used for the Red Hat Certified System Administrator Exam?Why does Red Hat Linux use such an old kernel?Is Red Hat Linux licensedRed Hat Network (RHN) and package updatesRED HAT LOGIN problem with rootCompiling for Red Hat 5.9How should I download Red Hat Enterprise Linux?Red Hat no package realmd availableRed Hat 7 GDM + NIS Only Validates First 7 Characters of Password
Intersection Puzzle
How could indestructible materials be used in power generation?
Short story with a alien planet, government officials must wear exploding medallions
How badly should I try to prevent a user from XSSing themselves?
In 'Revenger,' what does 'cove' come from?
What's the in-universe reasoning behind sorcerers needing material components?
Mathematica command that allows it to read my intentions
How dangerous is XSS?
Should I tell management that I intend to leave due to bad software development practices?
How do I deal with an unproductive colleague in a small company?
Venezuelan girlfriend wants to travel the USA to be with me. What is the process?
What exploit are these user agents trying to use?
What does the expression "A Mann!" means
Am I breaking OOP practice with this architecture?
Zip/Tar file compressed to larger size?
Are there any examples of a variable being normally distributed that is *not* due to the Central Limit Theorem?
What about the virus in 12 Monkeys?
How would I stat a creature to be immune to everything but the Magic Missile spell? (just for fun)
Different meanings of こわい
Watching something be piped to a file live with tail
Is there an expression that means doing something right before you will need it rather than doing it in case you might need it?
Is it possible to create a QR code using text?
Why didn't Boeing produce its own regional jet?
Is there a hemisphere-neutral way of specifying a season?
What does /.autorelabel do when we reset the password in Red Hat?
Does AIX really beat Red Hat Enterprise Linux?What version of Red Hat is used for the Red Hat Certified System Administrator Exam?Why does Red Hat Linux use such an old kernel?Is Red Hat Linux licensedRed Hat Network (RHN) and package updatesRED HAT LOGIN problem with rootCompiling for Red Hat 5.9How should I download Red Hat Enterprise Linux?Red Hat no package realmd availableRed Hat 7 GDM + NIS Only Validates First 7 Characters of Password
In RHEL, after we
do an rd.break, and all the procedure, and
do a touch /.autorelabel,
what does the /.autorelabel do?
rhel
New contributor
add a comment |
In RHEL, after we
do an rd.break, and all the procedure, and
do a touch /.autorelabel,
what does the /.autorelabel do?
rhel
New contributor
3
have you done any research to try to answer your question?
– jsotola
Apr 1 at 3:21
add a comment |
In RHEL, after we
do an rd.break, and all the procedure, and
do a touch /.autorelabel,
what does the /.autorelabel do?
rhel
New contributor
In RHEL, after we
do an rd.break, and all the procedure, and
do a touch /.autorelabel,
what does the /.autorelabel do?
rhel
rhel
New contributor
New contributor
edited 2 days ago
K7AAY
934928
934928
New contributor
asked Apr 1 at 3:12
SkySky
241
241
New contributor
New contributor
3
have you done any research to try to answer your question?
– jsotola
Apr 1 at 3:21
add a comment |
3
have you done any research to try to answer your question?
– jsotola
Apr 1 at 3:21
3
3
have you done any research to try to answer your question?
– jsotola
Apr 1 at 3:21
have you done any research to try to answer your question?
– jsotola
Apr 1 at 3:21
add a comment |
1 Answer
1
active
oldest
votes
The rd.break
parameter interrupts the boot process before the control is passed over to the kernel. At this point, when you run the passwd
command to do the password reset, the associated shadow file (/etc/shadow
) is modified with an incorrect SELinux context.
The touch /.autorelabel
command creates a hidden file named .autorelabel
under the root directory. On the next boot, the SELinux subsystem will detect this file, and then relabel all of the files on that system with the correct SELinux contexts. On large disks, this process can take a good amount of time.
An alternative to the complete relabeling approach is also mentioned in the documentation. First, use the parameters rd.break enforcing=0
when editing the GRUB entry. This will result in the system eventually booting with SELinux set to permissive mode (warn, but do not block). Then, proceed to change the password in the same manner as before. Continue the boot process and allow the system to come up. Once it comes up, run restorecon /etc/shadow
to restore the correct SELinux context to the /etc/shadow
file. Then, run setenforce 1
to re-enable SELinux and start using the system.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sky is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f509798%2fwhat-does-autorelabel-do-when-we-reset-the-password-in-red-hat%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The rd.break
parameter interrupts the boot process before the control is passed over to the kernel. At this point, when you run the passwd
command to do the password reset, the associated shadow file (/etc/shadow
) is modified with an incorrect SELinux context.
The touch /.autorelabel
command creates a hidden file named .autorelabel
under the root directory. On the next boot, the SELinux subsystem will detect this file, and then relabel all of the files on that system with the correct SELinux contexts. On large disks, this process can take a good amount of time.
An alternative to the complete relabeling approach is also mentioned in the documentation. First, use the parameters rd.break enforcing=0
when editing the GRUB entry. This will result in the system eventually booting with SELinux set to permissive mode (warn, but do not block). Then, proceed to change the password in the same manner as before. Continue the boot process and allow the system to come up. Once it comes up, run restorecon /etc/shadow
to restore the correct SELinux context to the /etc/shadow
file. Then, run setenforce 1
to re-enable SELinux and start using the system.
add a comment |
The rd.break
parameter interrupts the boot process before the control is passed over to the kernel. At this point, when you run the passwd
command to do the password reset, the associated shadow file (/etc/shadow
) is modified with an incorrect SELinux context.
The touch /.autorelabel
command creates a hidden file named .autorelabel
under the root directory. On the next boot, the SELinux subsystem will detect this file, and then relabel all of the files on that system with the correct SELinux contexts. On large disks, this process can take a good amount of time.
An alternative to the complete relabeling approach is also mentioned in the documentation. First, use the parameters rd.break enforcing=0
when editing the GRUB entry. This will result in the system eventually booting with SELinux set to permissive mode (warn, but do not block). Then, proceed to change the password in the same manner as before. Continue the boot process and allow the system to come up. Once it comes up, run restorecon /etc/shadow
to restore the correct SELinux context to the /etc/shadow
file. Then, run setenforce 1
to re-enable SELinux and start using the system.
add a comment |
The rd.break
parameter interrupts the boot process before the control is passed over to the kernel. At this point, when you run the passwd
command to do the password reset, the associated shadow file (/etc/shadow
) is modified with an incorrect SELinux context.
The touch /.autorelabel
command creates a hidden file named .autorelabel
under the root directory. On the next boot, the SELinux subsystem will detect this file, and then relabel all of the files on that system with the correct SELinux contexts. On large disks, this process can take a good amount of time.
An alternative to the complete relabeling approach is also mentioned in the documentation. First, use the parameters rd.break enforcing=0
when editing the GRUB entry. This will result in the system eventually booting with SELinux set to permissive mode (warn, but do not block). Then, proceed to change the password in the same manner as before. Continue the boot process and allow the system to come up. Once it comes up, run restorecon /etc/shadow
to restore the correct SELinux context to the /etc/shadow
file. Then, run setenforce 1
to re-enable SELinux and start using the system.
The rd.break
parameter interrupts the boot process before the control is passed over to the kernel. At this point, when you run the passwd
command to do the password reset, the associated shadow file (/etc/shadow
) is modified with an incorrect SELinux context.
The touch /.autorelabel
command creates a hidden file named .autorelabel
under the root directory. On the next boot, the SELinux subsystem will detect this file, and then relabel all of the files on that system with the correct SELinux contexts. On large disks, this process can take a good amount of time.
An alternative to the complete relabeling approach is also mentioned in the documentation. First, use the parameters rd.break enforcing=0
when editing the GRUB entry. This will result in the system eventually booting with SELinux set to permissive mode (warn, but do not block). Then, proceed to change the password in the same manner as before. Continue the boot process and allow the system to come up. Once it comes up, run restorecon /etc/shadow
to restore the correct SELinux context to the /etc/shadow
file. Then, run setenforce 1
to re-enable SELinux and start using the system.
answered Apr 1 at 3:43
HaxielHaxiel
3,49811021
3,49811021
add a comment |
add a comment |
Sky is a new contributor. Be nice, and check out our Code of Conduct.
Sky is a new contributor. Be nice, and check out our Code of Conduct.
Sky is a new contributor. Be nice, and check out our Code of Conduct.
Sky is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f509798%2fwhat-does-autorelabel-do-when-we-reset-the-password-in-red-hat%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
3
have you done any research to try to answer your question?
– jsotola
Apr 1 at 3:21