Bug
Resolution: Duplicate
Normal
CentOS Stream 9, rhel-9.3.0
Moderate
sst_idm_sssd
ssg_idm
x86_64
What were you trying to do that didn't work?
Unable to authenticate after restoring an authselect profile.
Audit log shows that access to /etc/pam.d/password-auth was denied:
type=AVC msg=audit(1701738018.421:565): avc: denied { read } for pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.424:566): avc: denied { read } for pid=5292 comm="sshd" name="postlogin" dev="vda4" ino=8388828 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.424:567): avc: denied { read } for pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.425:568): avc: denied { read } for pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.425:569): avc: denied { read } for pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.425:570): avc: denied { read } for pid=5292 comm="sshd" name="postlogin" dev="vda4" ino=8388828 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
Please provide the package NVR for which bug is seen:
# rpm -qa | egrep "authselect|selinux" | sort
authselect-1.2.6-1.el9.x86_64
authselect-compat-1.2.6-1.el9.x86_64
authselect-libs-1.2.6-1.el9.x86_64
libselinux-3.5-1.el9.x86_64
libselinux-utils-3.5-1.el9.x86_64
python3-libselinux-3.5-1.el9.x86_64
rpm-plugin-selinux-4.16.1.3-22.el9.x86_64
selinux-policy-38.1.11-2.el9_2.2.noarch
selinux-policy-targeted-38.1.11-2.el9_2.2.noarch
How reproducible:
100%
Steps to reproduce
- authselect select minimal --force --backup=local_backup
- restorecon -Rv /var/lib/authselect/
- authselect backup-restore local_backup
Expected results
Authentication would not be impacted after restoring authselect profile
Actual results
Authentication/login is denied after restoring authselect profile.
Is related to:
- RHEL-3539 SELinux File context are not showing correct information as expected - authselect backup files with etc_t but dir expects var_lib_t (Closed)
- RHEL-15220 incorrect SELinux context for files backed up by authselect (Closed)
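
A triage sketch for the denials in this report, added here as an example and not part of the original issue or of authselect: it collapses the repeated AVC records into one row per denied object and lists the objects whose target type is var_lib_t. The sample log is rebuilt from the six records quoted above; the function names are hypothetical.

```python
import re
from collections import Counter

# Template and values taken from the six AVC records quoted in the report.
TEMPLATE = ('type=AVC msg=audit(1701738018.{ms}:{serial}): avc: denied {{ read }} '
            'for pid=5292 comm="sshd" name="{name}" dev="vda4" ino={ino} '
            'scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 '
            'tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0')
RECORDS = [(421, 565, "password-auth", 8388824), (424, 566, "postlogin", 8388828),
           (424, 567, "password-auth", 8388824), (425, 568, "password-auth", 8388824),
           (425, 569, "password-auth", 8388824), (425, 570, "postlogin", 8388828)]
SAMPLE_LOG = "\n".join(TEMPLATE.format(ms=ms, serial=s, name=n, ino=i)
                       for ms, s, n, i in RECORDS)

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?name="(?P<name>[^"]+)".*?ino=(?P<ino>\d+)'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

def se_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Count denials per (comm, source type, perms, name, inode, target type, class)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # lines that are not AVC denials are skipped
            counts[(m["comm"], se_type(m["scon"]), m["perms"], m["name"],
                    int(m["ino"]), se_type(m["tcon"]), m["tclass"])] += 1
    return counts

def files_with_target_type(counts, target_type):
    """Names of denied objects that carry the given target type, e.g. var_lib_t."""
    return sorted({key[3] for key in counts if key[5] == target_type})

if __name__ == "__main__":
    summary = summarize_denials(SAMPLE_LOG)
    for key, n in summary.most_common():
        print(n, *key)
    print("labelled var_lib_t:", files_with_target_type(summary, "var_lib_t"))
```

Both PAM stack files that sshd_t was denied read access to show the same target type, var_lib_t, which is the type the related issues associate with the authselect backup directory.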