Re: Unable to login
On Sat, 11 Jun 2005, Steve Grubb wrote:
On Saturday 11 June 2005 11:40, James Morris wrote:
> I'm unable to login to current rawhide and the 2.6.12-rc6 kernel, with
> auditd enabled.
>
> I think these audit.log messages are the cause:
>
> type=KERNEL msg=audit(1118503063.368:248607): SELinux: unrecognized
> netlink message type=1100 for sclass=49
> type=KERNEL msg=audit(1118503063.368:248607): syscall=102 arch=40000003
> success=no exit=-22 a0=b a1=bfc3ab10 a2=7150f8 a3=66 items=0
> pid=1916 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 comm=login exe=/bin/login
This message appears to come from SE Linux. The KERNEL message type should not
be used for that kind of message. It needs to have its own type so that it
doesn't break the parsers. FWIW, that message is AUDIT_USER_AUTH which is
being sent by pam. It requires netlink relay permissions.
If you add new audit messages, you need to update the SELinux kernel
component which parses netlink messages and synchronize things so that
Fedora doesn't suddenly break. As is currently the case.
- James
--
James Morris
<jmorris(a)redhat.com>