for info, the patch has been integrated to kolla for a long time now:
commit c4b62490714ea849cedfe07d4b9a6aebf1f815c0
Author: Cédric Jeanneret <email address hidden>
Date: Tue Apr 30 16:11:46 2019 +0200
Drop systemd support from PAM
The line being removed is the cause of audit.log spam with a
SELinux enforcing (and permissive) system. They are due to the
fact we're calling "sudo" from within some containers, and PAM
wants to connect to the host "dbus" socket (mounted in /run).
This action is obviously denied by SELinux.
The "-" prefix makes this module optional anyway, but apparently
PAM does see it and tries to use it.
Dropping this module has no consequences other than preventing
log spamming.
for info, the patch has been integrated to kolla for a long time now: 9cedfe07d4b9a6a ebf1f815c0
commit c4b62490714ea84
Author: Cédric Jeanneret <email address hidden>
Date: Tue Apr 30 16:11:46 2019 +0200
Drop systemd support from PAM
The line being removed is the cause of audit.log spam with a
SELinux enforcing (and permissive) system. They are due to the
fact we're calling "sudo" from within some containers, and PAM
wants to connect to the host "dbus" socket (mounted in /run).
This action is obviously denied by SELinux.
The "-" prefix makes this module optional anyway, but apparently
PAM does see it and tries to use it.
Dropping this module has no consequences other than preventing
log spamming.
Change-Id: I3e0e86026f5a4a 78473bed824cd16 82d3a020cd5
Co-Authored-By: Michele Baldessari <email address hidden>
Resolves-Bug: #1819461
BUT. apparently we still see some of those lines from time to time.. Needs some more investigations.