When a particular user tries to log in on a particular host, we are seeing an error in the
logs, something like this:

(2022-12-15 13:24:51): [selinux_child[1096]] [sss_seuser_exists] (0x0400): seuser exists: no
(2022-12-15 13:24:51): [selinux_child[1096]] [seuser_needs_update] (0x0400): The SELinux user does need an update
(2022-12-15 13:24:51): [selinux_child[1096]] [libsemanage] (0x0020): Error while reading kernel policy from /etc/selinux/targeted/active/policy.linked.
(2022-12-15 13:24:51): [selinux_child[1096]] [main] (0x0020): Cannot set SELinux login context.
(2022-12-15 13:24:51): [selinux_child[1096]] [main] (0x0020): selinux_child failed!

The file /etc/selinux/targeted/active/policy.linked existed, but was empty.
Reproducing on a lab machine, deliberately emptying that file, the problem was
reproducible - for new users, though not for old users. Presumably, caching at work,
somewhere.
Deleting the empty file and then trying again, policy.linked was rebuilt, and then logins
started succeeding.

(2022-12-15 15:07:03): [selinux_child[3412]] [main] (0x0400): selinux_child started.
(2022-12-15 15:07:03): [selinux_child[3412]] [main] (0x0400): context initialized
(2022-12-15 15:07:03): [selinux_child[3412]] [main] (0x0400): performing selinux operations
(2022-12-15 15:07:03): [selinux_child[3412]] [sss_seuser_exists] (0x0400): seuser exists: no
(2022-12-15 15:07:03): [selinux_child[3412]] [seuser_needs_update] (0x0400): The SELinux user does need an update
(2022-12-15 15:07:14): [selinux_child[3412]] [pack_buffer] (0x0400): result [0]
(2022-12-15 15:07:14): [selinux_child[3412]] [main] (0x0400): selinux_child completed successfully

I'm hopeful that the same thing will work on the other box - will let you know if it
doesn't. :-)
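
Added example, not part of the original message: a shell function that reads selinux_child log entries like those quoted above, extracts the policy file libsemanage failed to read, and reports whether that file is missing, zero-length, or non-empty. The function names and the ROOT test prefix are assumptions made for this example, and log entries must be one per line.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_policy_store [ROOT] < sssd_selinux_child.log
# Reads selinux_child debug log entries (one per line) on stdin, pulls out each
# policy file libsemanage could not read, and reports its state on disk.
# ROOT is a hypothetical prefix so the check can run against a test tree.
check_policy_store() {
    root="${1:-}"
    # The path ends the log message and is followed by a sentence period.
    sed -n 's|.*[[]libsemanage[]].*Error while reading kernel policy from \(/[^ ]*\)\.$|\1|p' |
    sort -u |
    while IFS= read -r path; do
        f="$root$path"
        if [ ! -e "$f" ]; then
            echo "MISSING $path"
        elif [ ! -s "$f" ]; then
            echo "EMPTY $path"      # the condition described in the post
        else
            echo "OK $path"         # file has content; look elsewhere for the cause
        fi
    done
}

# Log entries taken from the post, rejoined to one entry per line.
sample_log() {
    cat <<'EOF'
(2022-12-15 13:24:51): [selinux_child[1096]] [seuser_needs_update] (0x0400): The SELinux user does need an update
(2022-12-15 13:24:51): [selinux_child[1096]] [libsemanage] (0x0020): Error while reading kernel policy from /etc/selinux/targeted/active/policy.linked.
(2022-12-15 13:24:51): [selinux_child[1096]] [main] (0x0020): Cannot set SELinux login context.
(2022-12-15 13:24:51): [selinux_child[1096]] [main] (0x0020): selinux_child failed!
EOF
}

# Demo against a throwaway tree holding a zero-length policy.linked.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/etc/selinux/targeted/active"
    : > "$tmp/etc/selinux/targeted/active/policy.linked"
    sample_log | check_policy_store "$tmp"
    rm -rf "$tmp"
}
demo
```
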