Drop systemd support from PAM
The line being removed is the cause of audit.log spam with a
SELinux enforcing (and permissive) system. They are due to the
fact we're calling "sudo" from within some containers, and PAM
wants to connect to the host "dbus" socket (mounted in /run).
This action is obviously denied by SELinux.
The "-" prefix makes this module optional anyway, but apparently
PAM does see it and tries to use it.
Dropping this module has no consequences other than preventing
log spamming.
Change-Id: I3e0e86026f5a4a78473bed824cd1682d3a020cd5
Co-Authored-By: Michele Baldessari <mbaldess@redhat.com>
Resolves-Bug: #1819461
(cherry picked from commit c4b6249071
)
This commit is contained in:
parent
2648c12c8d
commit
c56ee10d21
|
@ -402,6 +402,10 @@ RUN sed -i \
|
|||
{# endif base_package_type deb #}
|
||||
{% endif %}
|
||||
|
||||
{% if base_distro == 'centos' or base_distro == 'rhel' %}
|
||||
RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth
|
||||
{% endif %}
|
||||
|
||||
COPY set_configs.py /usr/local/bin/kolla_set_configs
|
||||
COPY start.sh /usr/local/bin/kolla_start
|
||||
COPY sudoers /etc/sudoers
|
||||
|
|
Loading…
Reference in New Issue