Hello, I’m looking for help again, pals. My login password has expired and prompted me to make a new one. When trying to change password, the attempt didn’t succeed because of bad dictionary check. Then I attempted to change my root password instead and follow these steps (via rescue mode). However, I missed to restore SELinux content and just rebooted my machine. I couldn’t get into login menu and decided to reset my root password once again. But, it seems that
touch /.autorelabel can’t be done with the output:
touch: cannot touch '/.autorelabel': Operation not permitted
I tried to use
fixfiles relabel, but it didn’t work as well.
You seem to be using silverblue. That is an immutable system and context on system files (especially /) cannot be changed as a result of the OS design. You can change context only in the areas that are user writable.
I would think that you may have better luck with selinux context by using
restorecon and directing it to only those directory trees that are allowed to be altered by the user.
For most fedora systems (at least the Workstation version) the user does not have an expiring password so it seems you may have explicitly told it to set an expiration time for your user.
Were you actually able to change your users password? or the root password?
Were you then able to reboot into the normal system mode?
Hmm yes I use Silverblue and I have a question to ask. Does
fixfiles, which prompts to clear
/tmp, will disable SELinux? Because after the first time forgetting to
touch /.autorelabel, I did it but failed to touch and I read from the CentOS forum to use
fixfiles autorelabel. After restarting my SELinux had been disabled. I knew that is has been disabled when I tried from the first step to reset my root password, I couldn’t use
fixfilesanymore since the output told me that the command was not found.
Eventually, after enabling SELinux to permissive mode, I rebooted and could reach the login mode and I then changed my root password with
sudo passwd root.