Computer Security, Operating Systems, Technology, Tutorials

How To Fix SELinux Policy Error In Red Hat Enterprise Linux

August 4, 2017

So you’ve encountered a “Failed to load SELinux policy. Freezing.” error message during your system’s attempted boot of Red Hat Enterprise Linux Server.

You are getting this:

 

 

When the SELinux policy error message is displayed, your RHEL operating system is unable to boot and function correctly. This could be due to several factors such as misconfiguration to important files like /etc/selinux/config or installation of VirtualBox Guest Additions while having conflicting security policy selected during initial installation of RHEL.

It’s important to apply a fix as soon as possible, especially for mission-critical infrastructures.

There is no need to panic. I provide a proper tested solution below to fix and prevent this problem from occurring again:

Edit Linux Boot Configuration In Boot Menu

When you arrive at the boot menu, proceed to edit the boot configuration by:

  • Pressing ‘e‘ on your keyboard.

After you have pressed ‘e‘, you will see the boot content:

 

The next step is scrolling down using your arrow keys until you see a particular area of the boot content within the configuration as displayed below:

 

Edit the particular area of the boot content within the configuration by:

  • Starting with the linux16 section, add the parameter “selinux=0” after “crashkernel=auto” as shown below:

 

The parameter “selinux=0” means disabling SELinux and allowing the boot of RHEL server to succeed.

Press CTRL + X to start which lets you boot your server using the newly modified configuration.

At this point, your Linux system will have booted successfully without the SELinux Policy error message displaying again.

There are a few more steps that are need to be performed to ensure that this SELinux Policy error does not occur again:

Reinstall SELinux-Policy-Targeted

Proceed by opening a terminal and typing the following commands:

  • su
  • yum reinstall selinux-policy-targeted
  • touch /.autorelabel

Reboot your system by typing the following command into terminal:

  • systemctl reboot

After the reboot, check to see if the SELinux status is ‘enabled’ by typing the following command into terminal:

  • sestatus

You Might Also Like

Back to top
%d bloggers like this: