Loading...

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Normal
Fix Version/s: None
Affects Version/s: CentOS Stream 9, rhel-9.3.0
Component/s: authselect
Labels:
None

Regression:
None
Severity:
Medium

Pool Team:

sst_idm_sssd
Sub-System Group:

ssg_idm

Story Points:
0
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Experience:
Architecture:

x86_64

PX Impact Score:
PX Priority Data:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

Unable to authenticate after restoring an authselect profile.

Audit log shows accessing to /etc/pam.d/password-auth were denied:

type=AVC msg=audit(1701738018.421:565): avc: denied { read } for pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.424:566): avc: denied { read } for pid=5292 comm="sshd" name="postlogin" dev="vda4" ino=8388828 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.424:567): avc: denied { read } for pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.425:568): avc: denied { read } for pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.425:569): avc: denied { read } for pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.425:570): avc: denied { read } for pid=5292 comm="sshd" name="postlogin" dev="vda4" ino=8388828 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0

Please provide the package NVR for which bug is seen:

# rpm -qa | egrep "authselect|selinux" | sort
authselect-1.2.6-1.el9.x86_64
authselect-compat-1.2.6-1.el9.x86_64
authselect-libs-1.2.6-1.el9.x86_64
libselinux-3.5-1.el9.x86_64
libselinux-utils-3.5-1.el9.x86_64
python3-libselinux-3.5-1.el9.x86_64
rpm-plugin-selinux-4.16.1.3-22.el9.x86_64
selinux-policy-38.1.11-2.el9_2.2.noarch
selinux-policy-targeted-38.1.11-2.el9_2.2.noarch

How reproducible:

100%

Steps to reproduce

authselect select minimal --force --backup=local_backup
restorecon -Rv /var/lib/authselect/
authselect backup-restore local_backup

Expected results

Authentication would not be impacted after restoring authselect profile

Actual results

Authentication/login is denied after restoring authselect profile.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

RHEL-18057.txt
15 kB
2023/12/05 1:29 AM

is related to

RHEL-3539 SELinux File context are not showing correct information as expected - authselect backup files with etc_t but dir expects var_lib_t

Closed

RHEL-15220 incorrect SELinux context for files backed up by authselect

Closed

Assignee:: Tomas Halman

Reporter:: Sunny Wu

Developer:: Pavel Brezina

QA Contact:: Dan Lavu

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023/12/05 1:27 AM

Updated:: 2024/09/06 12:18 PM

Resolved:: 2024/03/06 9:11 AM

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which bug is seen:

How reproducible:

Steps to reproduce

Expected results

Actual results

Attachments

Attachments

Issue Links

Activity

People

Dates