[Bug 1199520] [SELinux] "no shell: permission denied" error on fresh Tumbleweed transactional server installation with enforcing SELinux
https://bugzilla.suse.com/show_bug.cgi?id=1199520
https://bugzilla.suse.com/show_bug.cgi?id=1199520#c14

Felix Niederwanger <felix.niederwanger@suse.com> changed:

           What    |Removed                                |Added
----------------------------------------------------------------------------
             Flags|needinfo?(felix.niederwanger@suse.com) |

--- Comment #14 from Felix Niederwanger <felix.niederwanger@suse.com> ---
Ok, first the nscd. In short: disabling nscd does not resolve the issue. Also with the disabled nscd service and SELinux set to enforcing, after a reboot I'm locked out with the same error. Logging in in permissive mode gives me the following error messages in the journal, and I believe they are unrelated:
Aug 26 10:34:03 bsc1199520 login[845]: ROOT LOGIN ON tty1
Aug 26 10:34:04 bsc1199520 nscd[685]: 685 checking for monitored file `/etc/nsswitch.conf': No such file or directory
Aug 26 10:34:05 bsc1199520 nscd[685]: 685 checking for monitored file `/etc/nsswitch.conf': No such file or directory
Aug 26 10:34:06 bsc1199520 nscd[685]: 685 checking for monitored file `/etc/nsswitch.conf': No such file or directory
Aug 26 10:34:07 bsc1199520 nscd[685]: 685 checking for monitored file `/etc/nsswitch.conf': No such file or directory
Aug 26 10:34:07 bsc1199520 nscd[685]: 685 checking for monitored file `/etc/services': No such file or directory
Aug 26 10:34:08 bsc1199520 nscd[685]: 685 checking for monitored file `/etc/nsswitch.conf': No such file or directory
Second, the audit log when I fail to log in. I obtain this by establishing an ssh connection, setting `setenforce 1`, then trying to log in via the graphical terminal and then running `ausearch -ts boot -m avc`. So after a failed login, I obtain the following:
----
time->Fri Aug 26 10:33:54 2022
type=AVC msg=audit(1661502834.811:88): avc: denied { transition } for pid=1162 comm="(systemd)" path="/usr/lib/systemd/systemd" dev="sda2" ino=55097 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=1
----
time->Fri Aug 26 10:33:54 2022
type=AVC msg=audit(1661502834.811:89): avc: denied { entrypoint } for pid=1162 comm="(systemd)" path="/usr/lib/systemd/systemd" dev="sda2" ino=55097 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
----
time->Fri Aug 26 10:34:42 2022
type=AVC msg=audit(1661502882.962:157): avc: denied { transition } for pid=1293 comm="login" path="/usr/bin/bash" dev="sda2" ino=17150 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
----
time->Fri Aug 26 10:35:02 2022
type=AVC msg=audit(1661502902.666:172): avc: denied { transition } for pid=1296 comm="login" path="/usr/bin/bash" dev="sda2" ino=17150 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
Also, I cannot log in via ssh anymore after setting SELinux to Enforcing:
phoenix@racetrack-7290:~> ssh bsc1199520
Last login: Fri Aug 26 10:39:11 CEST 2022 on tty1
Have a lot of fun...
/bin/bash: Permission denied
Connection to 192.168.122.192 closed.
I tried switching the terminal from /bin/bash to /bin/zsh in /etc/passwd for root and ended up with the same errors when logging in via the graphical terminal and via ssh:
time->Fri Aug 26 10:48:05 2022
type=AVC msg=audit(1661503685.210:162): avc: denied { transition } for pid=1313 comm="login" path="/usr/bin/zsh" dev="sda2" ino=118216 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
phoenix@racetrack-7290:~> ssh bsc1199520 uname -a
Last login: Fri Aug 26 10:48:30 CEST 2022 from 192.168.122.1 on ssh
Have a lot of fun...
/bin/zsh: Permission denied
Connection to 192.168.122.192 closed.
So it's not just bash; IMHO the issue is deeper, but it appears in the last comments that this is already known.
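The AVC records quoted in the comment carry three indicators a triager would pull out before reading anything else: whether the denial happened in enforcing mode (permissive=0, i.e. it actually blocked the login), whether the source domain of the failing process is kernel_t (the initial domain the kernel boots in, which a login process should have left long before it execs a shell), and whether the target of an entrypoint check is unlabeled_t (the binary carries no label from the loaded policy). The following parser, added here as an illustration and not code from the bug report, SUSE or the audit tooling, reads `ausearch -m avc` output and groups record serials by those indicators. The sample input is the five records quoted above; the field and regex names are my own.

```python
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# The five AVC records quoted in the comment above, in `ausearch -m avc` layout
# (time-> and ---- separator lines included so the parser has to skip them).
SAMPLE_AUSEARCH = """\
----
time->Fri Aug 26 10:33:54 2022
type=AVC msg=audit(1661502834.811:88): avc: denied { transition } for pid=1162 comm="(systemd)" path="/usr/lib/systemd/systemd" dev="sda2" ino=55097 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=1
----
time->Fri Aug 26 10:33:54 2022
type=AVC msg=audit(1661502834.811:89): avc: denied { entrypoint } for pid=1162 comm="(systemd)" path="/usr/lib/systemd/systemd" dev="sda2" ino=55097 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
----
time->Fri Aug 26 10:34:42 2022
type=AVC msg=audit(1661502882.962:157): avc: denied { transition } for pid=1293 comm="login" path="/usr/bin/bash" dev="sda2" ino=17150 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
----
time->Fri Aug 26 10:35:02 2022
type=AVC msg=audit(1661502902.666:172): avc: denied { transition } for pid=1296 comm="login" path="/usr/bin/bash" dev="sda2" ino=17150 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
----
time->Fri Aug 26 10:48:05 2022
type=AVC msg=audit(1661503685.210:162): avc: denied { transition } for pid=1313 comm="login" path="/usr/bin/zsh" dev="sda2" ino=118216 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
"""

# One AVC denial line: the audit serial, the denied permission set and the rest.
# \s+ tolerates both the single spaces of the quoted text and ausearch's double spaces.
AVC_RE = re.compile(
    r"^type=AVC msg=audit\((?P<ts>[0-9.]+):(?P<serial>\d+)\): "
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$"
)
# key=value pairs; values are either double-quoted (comm, path) or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Avc:
    serial: int
    perms: list[str]
    fields: dict[str, str]

    def ctx_type(self, name: str) -> str:
        """Type component of a user:role:TYPE:level context ('?' if absent)."""
        return self.fields.get(name, "::?:").split(":")[2]

    @property
    def enforcing(self) -> bool:
        """True when the denial actually blocked the operation."""
        return self.fields.get("permissive") == "0"


def parse_ausearch(text: str) -> list[Avc]:
    """Parse `ausearch -m avc` output; separator and time-> lines are skipped."""
    records: list[Avc] = []
    for line in text.splitlines():
        m = AVC_RE.match(line.strip())
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
        records.append(Avc(int(m.group("serial")), m.group("perms").split(), fields))
    return records


def triage(records: list[Avc]) -> dict[str, list[int]]:
    """Group audit serials by the indicators relevant to a shell-denied login."""
    out: dict[str, list[int]] = {"enforcing": [], "kernel_t_source": [], "unlabeled_target": []}
    for r in records:
        if r.enforcing:
            out["enforcing"].append(r.serial)
        if r.ctx_type("scontext") == "kernel_t":
            out["kernel_t_source"].append(r.serial)
        if r.ctx_type("tcontext") == "unlabeled_t":
            out["unlabeled_target"].append(r.serial)
    return out


if __name__ == "__main__":
    # Read a real `ausearch -m avc` dump from stdin, or fall back to the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_AUSEARCH
    recs = parse_ausearch(text)
    for r in recs:
        print(f"{r.serial}: {r.fields.get('comm')} {' '.join(r.perms)} "
              f"{r.ctx_type('scontext')} -> {r.ctx_type('tcontext')} "
              f"{'ENFORCING' if r.enforcing else 'permissive'}")
    for key, serials in triage(recs).items():
        print(f"{key}: {serials}")
```

Run against the quoted records, the enforcing group holds the three login attempts (bash twice, zsh once), every transition denial has kernel_t as its source domain, and the one file-class record is the entrypoint check against an unlabeled_t systemd binary. That combination is the pattern of a system whose labels never reached the binaries on disk: the unlabeled_t target is the object-side symptom, and a login process still in kernel_t is the process-side one, which is why swapping bash for zsh cannot change the outcome.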