💾 Archived View for chirale.org › 2018-02-21_4220.gmi captured on 2024-06-16 at 12:25:33. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-05-12)
-=-=-=-=-=-=-
If you get the “Failed to start Authorization manager” while booting a Linux OS (e.g. CentOS) most likely you’ve a SELinux misconfiguration.
The main issue is that if you’ve restarted the system, you cannot login since OpenSSH service is not running. If you’ve a virtual server, even the console shipped by your provider is stuck on the Authorization manager error.
The reason behind this in my case was a completely wrong value in SELINUXTYPE.
The example below is valid for a Digital Ocean’s droplet running a CentOS 7 but can be adapted to other providers and distro.
To fix it I had to:
1\. Boot the OS with initramfs (also called Recovery Kernel). You can do this on the dashboard provided by your virtual server provider (e.g. on Digital Ocean)
2\. Open the console from your provider’s dashboard
3\. Mount the root filesystem, e.g.
<br> mkdir /mnt<br> mount /dev/vfsa1 /mnt<br>
Where /dev/vfsa1 is your root partition.
4\. Move broken configuration and recreate selinux config file manually with:
<br> mv /mnt/etc/selinux/config /mnt/etc/selinux/config.BROKEN<br> touch /mnt/etc/selinux/config<br> cat > /mnt/etc/selinux/config<br>
Then type these two lines:
<br> SELINUX=disabled<br> SELINUXTYPE=targeted</p> <p>
Go to a new blank line after, then type Ctrl+D to quit. Since initramfs hasn’t a text editor like vi or nano, the simple cat \> filename do the trick.
5\. From your dashboard, change the kernel version to what you’ve used previously and Power Cycle (reboot) the machine using the dashboard because a reboot from initramfs in this state will restart initramfs itself.
Open the provider’s console on boot to see your system working again. Wait the services to start and then connect with your SSH client to see again your files and get again the control of your server.
Be careful when configuring SELinux again and create a shapshot and/or backup after you’ve restored your server…and before changing SELinux again.