Unable to login
James Morris
jmorris at redhat.com
Mon Jun 13 05:51:26 UTC 2005
On Sat, 11 Jun 2005, Steve Grubb wrote:
> On Saturday 11 June 2005 11:40, James Morris wrote:
> > I'm unable to login to current rawhide and the 2.6.12-rc6 kernel, with
> > auditd enabled.
> >
> > I think these audit.log messages are the cause:
> >
> > type=KERNEL msg=audit(1118503063.368:248607): SELinux: unrecognized
> > netlink message type=1100 for sclass=49
> > type=KERNEL msg=audit(1118503063.368:248607): syscall=102 arch=40000003
> > success=no exit=-22 a0=b a1=bfc3ab10 a2=7150f8 a3=66 items=0
> > pid=1916 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 comm=login exe=/bin/login
>
> This message appears to come from SE Linux. The KERNEL message type should not
> be used for that kind of message. It needs to have its own type so that it
> doesn't break the parsers. FWIW, that message is AUDIT_USER_AUTH which is
> being sent by pam. It requires netlink relay permissions.
If you add new audit messages, you need to update the SELinux kernel
component which parses netlink messages and synchronize things so that
Fedora doesn't suddenly break. As is currently the case.
- James
--
James Morris
<jmorris at redhat.com>
More information about the Linux-audit
mailing list