When a particular user tries to login on a particular host, we are seeing an error in the logs, something like this:
(2022-12-15 13:24:51): [selinux_child[1096]] [sss_seuser_exists] (0x0400): seuser exists: no (2022-12-15 13:24:51): [selinux_child[1096]] [seuser_needs_update] (0x0400): The SELinux user does need an update (2022-12-15 13:24:51): [selinux_child[1096]] [libsemanage] (0x0020): Error while reading kernel policy from /etc/selinux/targeted/active/policy.linked. (2022-12-15 13:24:51): [selinux_child[1096]] [main] (0x0020): Cannot set SELinux login context. (2022-12-15 13:24:51): [selinux_child[1096]] [main] (0x0020): selinux_child failed! The file /etc/selinux/targeted/active/policy.linked existed, but was empty. Reproducing on a lab machine, deliberately emptying that file, the problem was reproducible - for new users, though not for old users. Presumably, caching at work, somewhere. Deleting the empty file and then trying again, policy.linked was rebuilt, and then logins started succeeding. (2022-12-15 15:07:03): [selinux_child[3412]] [main] (0x0400): selinux_child started. (2022-12-15 15:07:03): [selinux_child[3412]] [main] (0x0400): context initialized (2022-12-15 15:07:03): [selinux_child[3412]] [main] (0x0400): performing selinux operations (2022-12-15 15:07:03): [selinux_child[3412]] [sss_seuser_exists] (0x0400): seuser exists: no (2022-12-15 15:07:03): [selinux_child[3412]] [seuser_needs_update] (0x0400): The SELinux user does need an update (2022-12-15 15:07:14): [selinux_child[3412]] [pack_buffer] (0x0400): result [0] (2022-12-15 15:07:14): [selinux_child[3412]] [main] (0x0400): selinux_child completed successfully I'm hopeful that the same thing will work on the other box - will let you know if it doesn't. :-) _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
