Unbearably long boot time due to home-relabel

Millesimus · November 18, 2025, 11:11am

Hey everyone,

for a while now a have occasionally experienced very long boot times (speaking half an hour…) with my Aeon system (with SELinux enabled). Apparently, these are caused by home-relabel.service runs:

systemd-analyze blame
56min 1.876s home-relabel.service
56min 1.876s home-relabel.service
1min 34.143s transactional-update.service
     23.956s fwupd.service
     13.844s dev-ttyS3.device

If I understand it correctly this means that the whole filetree under /home is assigned (new) SELinux xattributes. But I don’t understand what triggers it.

Does anybody else experience this? How can I deactivate this service and would that be safe to do?

sfalken · November 18, 2025, 3:56pm

It’s probably possible to disable, but you don’t want to. It’s going to create SELinux issues if you don’t do the relabel.

stendler · November 18, 2025, 6:23pm

It seems to be usually triggered by an update of the selinux-policy package.

I try to defer an update if I know that the relabel would be inconvenient or reboot after such an update if I have the time (or start the PC early in the morning and do something else for a while, just like the old times).

Millesimus · November 18, 2025, 8:50pm

That explains it, thank you!

I’m not sure how I am going to handle this, though. No issue with mindfulness and slowing down but an hour of unexpected waiting time is a little extreme. It seems to get worse as the filetree grows. The delay is even longer on another machine where I use snapper to regularly snapshot my home partition.

Maybe I should disable the home-relabel.service and run fixfiles on my home dir (excluding all the snapshot dirs)?

stendler · November 18, 2025, 10:52pm

Half an hour really does sound excessive, though. For comparison: my /home is about 760 GB and relabelling usually takes 6-7 minutes.
It’s probably bound by reading speed, so having a fast NVMe ssd probably helps.

Disabling it really might bite you later down the line without you remembering what the cause could be.
Maybe only if you entirely switch from SELinux to AppArmor? – but I’m not sure if there is a migration guide and if it is feasible or possible at all.

sfalken · November 19, 2025, 12:32am

On Aeon? absolutely not. AppArmor is completely unsupported.

Millesimus · November 19, 2025, 7:00am

addendum: I meant running fixfiles regularly (instead of the home-relabel.service).

Millesimus · November 19, 2025, 7:06am

It’s probably bound by reading speed, so having a fast NVMe ssd probably helps.

I have NVMes in both machines.

Maybe the issue lies with what home-relabel.service does under the hood. Does it use fixfiles? If so, does it always relabel everything or only on files modified since the last run?

Millesimus · December 19, 2025, 5:29am

I have a new high score:

systemd-analyze blame 
10h 50min 35.396s home-relabel.service
          19.081s transactional-update.service

I’ll have to take my chances and deactivate that home-relabel.service until a better solution pops up.

Millesimus · December 29, 2025, 9:20am

I’ve uninstalled selinux-autorelabel now on my device with the 11 hours boot time. I’ll take the risk, hopefully I’ll only have to use fixfiles manually from time to time.

system · January 28, 2026, 9:21am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.