How to use EFI Shell to recover from SELinux Lockout?

coderama

3/15/23, 4:03 AM

I enabled SELinux on my Centos 8 box and now I can't get back into the server. It's hosted with a company, so I don't have physical access to it. But I do have access to advanced boot options, including the EFI shell. I am thinking if I can get access to the partitions, I can disable SELinux like that. However, I don't know how to get to the files. I followed the instructions here but I get stuck on this part:

For example, to select the storage device fs1, you can run the following command:
Shell> fs1:

or in my case:

Shell> blk0:

However, when I type that, I still see:

Shell>

When I am expecting to see:

blk0:\>

If I type:

blk9:

Then I get error:

'blk9:' is not a valid mapping

I dont get that if I type blk0. So it is aware of the mapping, it's just not switching folders.

Any thoughts on this?

0 + 0

centos

uefi

Gerald Schneider

3/20/23, 11:30 AM

Can you mount an iso file to boot from?

Gerald Schneider

3/20/23, 11:48 AM

Maybe you don't even need that. Can you log in via the local console? Can you boot into single user mode?

Gerald Schneider

3/20/23, 11:52 AM

Did you try to just set selinux to permissive mode with the grub boot options?

coderama

3/21/23, 12:05 PM

I ended up wiping the server and installing a new ISO. Luckily I needed Centos 7 instead of Centos 8, so I would have had to wipe it anyway. But it seems the generalk consensus is that you cant get in. I could only get into EFI console, and from there I have no idea how to access the harddrives. If I could, that would solve the problem.

coderama

3/21/23, 12:06 PM

Thanks for the help. An upvote would be nice as I cant currently post more questions. I have a +10k rep on stackoverflow, but somehow here nobody likes my questions :(

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to use EFI Shell to recover from SELinux Lockout?

TH: จะใช้ EFI Shell เพื่อกู้คืนจาก SELinux Lockout ได้อย่างไร

RO: Cum să utilizați EFI Shell pentru a vă recupera de la blocarea SELinux?

RU: Как использовать EFI Shell для восстановления после блокировки SELinux?

VI: Làm cách nào để sử dụng EFI Shell để khôi phục từ SELinux Lockout?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.