Hello,
Issue:
- unit user@1000.service hasn't started,
- I can log in via terminal as user floki, uid 1000 (but probably it shouldn't be possible to log in with this issue; for me it is better),
- the user has the correct context, I suppose,
- no AVC errors in audit.log
System version:
Code:
root@xxx:/var/log# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
The system is in graphical target, but it is the server edition and I don't use X.
Code:
floki@xxx:~$ systemctl get-default
graphical.target
Context user:
Code:
floki@xxx:~$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Code:
root@xxx:/var/log# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● user@1000.service loaded failed failed User Manager for UID 1000
Code:
root@xxx:/home/floki# systemctl status user@1000
● user@1000.service - User Manager for UID 1000
Loaded: loaded (/lib/systemd/system/user@.service; static; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/user@.service.d
└─timeout.conf
Active: failed (Result: exit-code) since Wed 2021-05-05 09:52:50 UTC; 42min ago
Docs: man:user@.service(5)
Process: 771 ExecStart=/lib/systemd/systemd --user (code=exited, status=224/PAM)
Main PID: 771 (code=exited, status=224/PAM)
May 05 09:52:50 xxx systemd[771]: pam_selinux(systemd-user:session): Username= floki SELinux User= unconfined_u Level= s0-s0:c0.c1023
May 05 09:52:50 xxx systemd[771]: pam_selinux(systemd-user:session): Unable to get valid context for floki
May 05 09:52:50 xxx systemd[771]: pam_selinux(systemd-user:session): conversation failed
May 05 09:52:50 xxx systemd[771]: pam_unix(systemd-user:session): session opened for user floki by (uid=0)
May 05 09:52:50 xxx systemd[771]: PAM failed: Cannot make/remove an entry for the specified session
May 05 09:52:50 xxx systemd[771]: user@1000.service: Failed to set up PAM session: Operation not permitted
May 05 09:52:50 xxx systemd[771]: user@1000.service: Failed at step PAM spawning /lib/systemd/systemd: Operation not permitted
May 05 09:52:50 xxx systemd[1]: user@1000.service: Main process exited, code=exited, status=224/PAM
May 05 09:52:50 xxx systemd[1]: user@1000.service: Failed with result 'exit-code'.
May 05 09:52:50 xxx systemd[1]: Failed to start User Manager for UID 1000.
Logs:
-----
auth.log
Code:
May 5 09:52:50 xxx sshd[760]: pam_unix(sshd:session): session opened for user floki by (uid=0)
May 5 09:52:50 xxx systemd-logind[587]: New session 3 of user floki.
May 5 09:52:50 xxx systemd: pam_selinux(systemd-user:session): Open Session
May 5 09:52:50 xxx systemd: pam_selinux(systemd-user:session): Open Session
May 5 09:52:50 xxx systemd: pam_selinux(systemd-user:session): Username= floki SELinux User= unconfined_u Level= s0-s0:c0.c1023
May 5 09:52:50 xxx systemd: pam_selinux(systemd-user:session): Unable to get valid context for floki
May 5 09:52:50 xxx systemd: pam_selinux(systemd-user:session): conversation failed
May 5 09:52:50 xxx systemd: pam_unix(systemd-user:session): session opened for user floki by (uid=0)
May 5 09:52:51 xxx sshd[760]: pam_selinux(sshd:session): Open Session
May 5 09:52:51 xxx sshd[760]: pam_selinux(sshd:session): Username= floki SELinux User= unconfined_u Level= s0-s0:c0.c1023
May 5 09:52:51 xxx sshd[760]: pam_selinux(sshd:session): Set executable context: [] -> [unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023]
May 5 09:52:51 xxx sshd[760]: pam_selinux(sshd:session): Security Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Assigned
May 5 09:52:51 xxx sshd[760]: pam_selinux(sshd:session): Set key creation context to unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
May 5 09:52:51 xxx sshd[760]: pam_selinux(sshd:session): Key Creation Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Assigned
sys.log
Code:
May 5 09:52:27 xxx systemd-timesyncd[551]: Initial synchronization to time server 91.189.89.199:123 (ntp.ubuntu.com).
May 5 09:52:38 xxx kernel: [ 57.796158] hv_balloon: Max. dynamic memory size: 4024 MB
May 5 09:52:50 xxx systemd[1]: Starting User Manager for UID 1000...
May 5 09:52:50 xxx systemd[771]: PAM failed: Cannot make/remove an entry for the specified session
May 5 09:52:50 xxx systemd[771]: user@1000.service: Failed to set up PAM session: Operation not permitted
May 5 09:52:50 xxx systemd[771]: user@1000.service: Failed at step PAM spawning /lib/systemd/systemd: Operation not permitted
May 5 09:52:50 xxx systemd[1]: user@1000.service: Main process exited, code=exited, status=224/PAM
May 5 09:52:50 xxx systemd[1]: user@1000.service: Failed with result 'exit-code'.
May 5 09:52:50 xxx systemd[1]: Failed to start User Manager for UID 1000.
May 5 09:52:50 xxx systemd[1]: Started Session 3 of user floki.
Seusers
Code:
root@xxx:/var/log# semanage login -l
Login Name SELinux User MLS/MCS Range Service
__default__ unconfined_u s0-s0:c0.c1023 *
floki unconfined_u s0-s0:c0.c1023 *
root unconfined_u s0-s0:c0.c1023 *
user1 staff_u s0 *
user2 staff_u s0-s0:c0.c1023 *
cat /etc/selinux/default/seusers
root:unconfined_u:s0-s0:c0.c1023
__default__:unconfined_u:s0-s0:c0.c1023
user1:staff_u:s0
user2:staff_u:s0-s0:c0.c1023
floki:unconfined_u:s0-s0:c0.c1023
auditd.logs:
No AVC problems
Code:
root@xxx:/home/floki# ausearch -m SERVICE_START -ts recent | grep failed
type=SERVICE_START msg=audit(1620208320.011:70): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000
I have a problem close to https://access.redhat.com/solutions/4383921, but not exactly, because my file /etc/selinux/default/seusers exists.
Best Regards
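
An added example, not part of the original post: a small Python parser that groups the pam_selinux messages of an auth.log excerpt by PAM service and reports users whose context was assigned under one PAM stack but failed under another. The sample lines are copied from the auth.log excerpt above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the auth.log excerpt in the post above.
SAMPLE = """\
May 5 09:52:50 xxx systemd: pam_selinux(systemd-user:session): Username= floki SELinux User= unconfined_u Level= s0-s0:c0.c1023
May 5 09:52:50 xxx systemd: pam_selinux(systemd-user:session): Unable to get valid context for floki
May 5 09:52:51 xxx sshd[760]: pam_selinux(sshd:session): Username= floki SELinux User= unconfined_u Level= s0-s0:c0.c1023
May 5 09:52:51 xxx sshd[760]: pam_selinux(sshd:session): Security Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Assigned
"""

# pam_selinux tags each message with "(<pam service>:session)".
PAM_LINE = re.compile(r"pam_selinux\((?P<service>[^:)]+):session\):\s*(?P<msg>.*)$")
MAPPING = re.compile(r"Username=\s*(\S+)\s+SELinux User=\s*(\S+)\s+Level=\s*(\S+)")
ASSIGNED = re.compile(r"^Security Context (\S+) Assigned")
FAILED = re.compile(r"^Unable to get valid context for (\S+)")


def summarize(log_text):
    """Return {(pam_service, user): {seuser, level, context, status}}."""
    result = defaultdict(lambda: {"seuser": None, "level": None,
                                  "context": None, "status": "unknown"})
    current_user = {}  # pam service -> user named by its latest mapping line
    for line in log_text.splitlines():
        m = PAM_LINE.search(line)
        if not m:
            continue
        service, msg = m.group("service"), m.group("msg")
        if (mm := MAPPING.search(msg)):
            user, seuser, level = mm.groups()
            current_user[service] = user
            result[(service, user)].update(seuser=seuser, level=level)
        elif (mf := FAILED.match(msg)):
            result[(service, mf.group(1))]["status"] = "failed"
        elif (ma := ASSIGNED.match(msg)) and service in current_user:
            entry = result[(service, current_user[service])]
            entry.update(context=ma.group(1), status="assigned")
    return dict(result)


def inconsistent_users(summary):
    """Users whose context was assigned in one PAM stack but failed in another."""
    by_user = defaultdict(dict)
    for (service, user), entry in summary.items():
        by_user[user][service] = entry["status"]
    return {u: s for u, s in by_user.items()
            if "failed" in s.values() and "assigned" in s.values()}
```

On the excerpt above, `inconsistent_users(summarize(SAMPLE))` reports floki as failed under systemd-user and assigned under sshd, while both stacks logged the same seusers mapping (unconfined_u, s0-s0:c0.c1023).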