How to avoid long downtime at reboot due to relabelling when going from SELinux disabled to permissive mode?

Solution Verified - Updated -

Issue

  • System goes in the SELinux autorelabel process (automatically) when you switch SELinux state from Disabled to Permissive mode and reboot the server.

    • This autorelabel process takes a long time based on how large the filesystem is and how many file it need to relabel on boot and can take quite long for large filesystem which causes a long downtime.
    • How to avoid long booting time when switching SELinux from Disabled mode to Permissive mode ?

  • Is there a way to exclude large file system form the SELinux autorelabel process to avoid long time during reboot ?

  • Can we relabel large filesystem manually post bootup to Permissive mode and avoid them from being relabeled during boot ?

Environment

  • Red Hat Enterprise Linux 9
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • SELinux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content