# ls -alZ /etc/pam.d
total 112
drwxr-xr-x.  2 root root system_u:object_r:etc_t:s0 4096 May  3  2023 .
drwxr-xr-x. 92 root root system_u:object_r:etc_t:s0 8192 Dec  4 19:51 ..
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  910 Feb 23  2023 cockpit
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  232 Nov 29  2022 config-util
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  322 Feb 15  2019 crond
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  701 Nov 29  2022 fingerprint-auth
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  676 Mar 29  2023 login
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  154 Nov 29  2022 other
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  168 Aug 10  2021 passwd
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  760 Nov 29  2022 password-auth
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  155 Dec  5  2022 polkit-1
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  398 Nov 29  2022 postlogin
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  640 Mar 29  2023 remote
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  143 Mar 29  2023 runuser
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  138 Mar 29  2023 runuser-l
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  743 Nov 29  2022 smartcard-auth
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  727 Apr 13  2023 sshd
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  214 Dec  9  2022 sssd-shadowutils
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  566 Mar 29  2023 su
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  137 Mar 29  2023 su-l
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0   97 Mar  2  2023 subscription-manager
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  154 Jan 19  2023 sudo
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  178 Jan 19  2023 sudo-i
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  760 Nov 29  2022 system-auth
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0  295 Mar 20  2023 systemd-user
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0   84 Jan 18  2022 vlock

# authselect select minimal --force --backup=local_backup
Backup stored at /var/lib/authselect/backups/local_backup
Profile "minimal" was selected.
The following nsswitch maps are overwritten by the profile:
- aliases
- automount
- ethers
- group
- hosts
- initgroups
- netgroup
- networks
- passwd
- protocols
- publickey
- rpc
- services
- shadow

# ls -alZ /var/lib/authselect/backups/local_backup/
total 24
drwxr-xr-x. 2 root root unconfined_u:object_r:var_lib_t:s0  130 Dec  4 19:55 .
drwxr-xr-x. 3 root root unconfined_u:object_r:var_lib_t:s0   26 Dec  4 19:55 ..
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0          701 Dec  4 19:55 fingerprint-auth
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0         2124 Dec  4 19:55 nsswitch.conf
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0          760 Dec  4 19:55 password-auth
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0          398 Dec  4 19:55 postlogin
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0          743 Dec  4 19:55 smartcard-auth
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0          760 Dec  4 19:55 system-auth

# restorecon -Rv /var/lib/authselect/
Relabeled /var/lib/authselect/backups/local_backup/system-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Relabeled /var/lib/authselect/backups/local_backup/password-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Relabeled /var/lib/authselect/backups/local_backup/fingerprint-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Relabeled /var/lib/authselect/backups/local_backup/smartcard-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Relabeled /var/lib/authselect/backups/local_backup/postlogin from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Relabeled /var/lib/authselect/backups/local_backup/nsswitch.conf from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0

# authselect backup-list
local_backup (created at Mon Dec  4 19:55:37 2023)

# authselect backup-restore local_backup

# ls -alZ /etc/pam.d
total 112
drwxr-xr-x.  2 root root system_u:object_r:etc_t:s0     4096 Dec  4 19:58 .
drwxr-xr-x. 93 root root system_u:object_r:etc_t:s0     8192 Dec  4 19:58 ..
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      910 Feb 23  2023 cockpit
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      232 Nov 29  2022 config-util
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      322 Feb 15  2019 crond
-rw-r--r--.  1 root root system_u:object_r:var_lib_t:s0  701 Dec  4 19:58 fingerprint-auth
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      676 Mar 29  2023 login
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      154 Nov 29  2022 other
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      168 Aug 10  2021 passwd
-rw-r--r--.  1 root root system_u:object_r:var_lib_t:s0  760 Dec  4 19:58 password-auth
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      155 Dec  5  2022 polkit-1
-rw-r--r--.  1 root root system_u:object_r:var_lib_t:s0  398 Dec  4 19:58 postlogin
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      640 Mar 29  2023 remote
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      143 Mar 29  2023 runuser
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      138 Mar 29  2023 runuser-l
-rw-r--r--.  1 root root system_u:object_r:var_lib_t:s0  743 Dec  4 19:58 smartcard-auth
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      727 Apr 13  2023 sshd
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      214 Dec  9  2022 sssd-shadowutils
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      566 Mar 29  2023 su
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      137 Mar 29  2023 su-l
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0       97 Mar  2  2023 subscription-manager
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      154 Jan 19  2023 sudo
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      178 Jan 19  2023 sudo-i
-rw-r--r--.  1 root root system_u:object_r:var_lib_t:s0  760 Dec  4 19:58 system-auth
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0      295 Mar 20  2023 systemd-user
-rw-r--r--.  1 root root system_u:object_r:etc_t:s0       84 Jan 18  2022 vlock

type=AVC msg=audit(1701738016.575:547): avc:  denied  { getattr } for  pid=5292 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738016.577:548): avc:  denied  { read } for  pid=5292 comm="sshd" name="nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738016.577:549): avc:  denied  { getattr } for  pid=5292 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738016.588:550): avc:  denied  { getattr } for  pid=5292 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738016.591:551): avc:  denied  { getattr } for  pid=5292 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738017.531:556): avc:  denied  { read } for  pid=5293 comm="setroubleshootd" name="nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738017.531:557): avc:  denied  { getattr } for  pid=601 comm="auditd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738017.531:558): avc:  denied  { read } for  pid=601 comm="auditd" name="nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738017.531:559): avc:  denied  { getattr } for  pid=601 comm="auditd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738017.531:560): avc:  denied  { read } for  pid=5293 comm="setroubleshootd" name="nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738017.667:561): avc:  denied  { read } for  pid=5293 comm="setroubleshootd" name="nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738017.667:562): avc:  denied  { read } for  pid=5293 comm="setroubleshootd" name="nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.419:564): avc:  denied  { getattr } for  pid=5292 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.421:565): avc:  denied  { read } for  pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.424:566): avc:  denied  { read } for  pid=5292 comm="sshd" name="postlogin" dev="vda4" ino=8388828 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.424:567): avc:  denied  { read } for  pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.425:568): avc:  denied  { read } for  pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.425:569): avc:  denied  { read } for  pid=5292 comm="sshd" name="password-auth" dev="vda4" ino=8388824 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738018.425:570): avc:  denied  { read } for  pid=5292 comm="sshd" name="postlogin" dev="vda4" ino=8388828 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738026.336:571): avc:  denied  { getattr } for  pid=5292 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738026.337:572): avc:  denied  { getattr } for  pid=5292 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738026.337:573): avc:  denied  { getattr } for  pid=5292 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738026.338:574): avc:  denied  { getattr } for  pid=5317 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738026.338:575): avc:  denied  { getattr } for  pid=5317 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738026.339:576): avc:  denied  { getattr } for  pid=5317 comm="authorized_keys" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738026.339:577): avc:  denied  { getattr } for  pid=601 comm="auditd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738026.339:578): avc:  denied  { read } for  pid=5317 comm="authorized_keys" name="nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738026.348:579): avc:  denied  { getattr } for  pid=5318 comm="curl" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738026.350:580): avc:  denied  { read } for  pid=5318 comm="curl" name="nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738033.166:582): avc:  denied  { getattr } for  pid=5292 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738033.166:583): avc:  denied  { getattr } for  pid=5323 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738033.167:584): avc:  denied  { getattr } for  pid=5323 comm="sshd" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738033.168:585): avc:  denied  { getattr } for  pid=5323 comm="authorized_keys" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738033.168:586): avc:  denied  { read } for  pid=5323 comm="authorized_keys" name="nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738033.178:587): avc:  denied  { getattr } for  pid=5324 comm="curl" path="/etc/nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701738033.178:588): avc:  denied  { read } for  pid=5324 comm="curl" name="nsswitch.conf" dev="vda4" ino=8388829 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0

# rpm -qa | egrep "authselect|selinux" | sort
authselect-1.2.6-1.el9.x86_64
authselect-compat-1.2.6-1.el9.x86_64
authselect-libs-1.2.6-1.el9.x86_64
libselinux-3.5-1.el9.x86_64
libselinux-utils-3.5-1.el9.x86_64
python3-libselinux-3.5-1.el9.x86_64
rpm-plugin-selinux-4.16.1.3-22.el9.x86_64
selinux-policy-38.1.11-2.el9_2.2.noarch
selinux-policy-targeted-38.1.11-2.el9_2.2.noarch