Description of problem:
Unable to login to the system after installing with Klaus's lspp kickstart file. The error is (via the x3270 console):

Cannot make/remove an entry for the specified session

Via ssh it just looks like you are entering the wrong password, as you are prompted 3 times and then the session terminates. I have tried the install 3 times with the same result each time.

Version-Release number of selected component (if applicable):
The attempted install is of snapshot 3 from 12/7

How reproducible:
Every time I install. Attempted install as root and as a user.

Steps to Reproduce:
1. Install with attached kickstart
2. Attempt to login to the system after reboot

Actual results:
Login denied with the following msg:
Cannot make/remove an entry for the specified session

Expected results:
Able to login to the system.

Additional info:
The last time I installed I double checked in another window that the issue wasn't a full disk. Here were the results just before rebooting:

sh-3.1# df -h
Filesystem                Size      Used Available Use% Mounted on
none                    249.7M      4.0k    249.7M   0% /dev
/tmp/loop0               37.6M     37.6M         0 100% /mnt/runtime
/dev/VolGroup01/LvRoot    1.8G      1.1G    580.9M  66% /mnt/sysimage

Also I reset the audit policy so that all full disk actions, etc. are ignored (since I am working with very limited space):

num_logs = 4
dispatcher = /sbin/audispd
DISP_qos = lossy
max_log_file = 8
max_log_file_action = KEEP_LOGS
space_left = 75
space_left_action = IGNORE
action_mail_acct = root
admin_space_left = 50
# Configure how the system will treat disk space exhaustion.
# The action "SUSPEND" discards audit records if space is exhausted.
# The fail-safe setting is to switch to single-user mode.
#admin_space_left_action = SUSPEND
admin_space_left_action = IGNORE
#disk_full_action = SUSPEND
disk_full_action = IGNORE
#disk_error_action = SUSPEND
disk_error_action = IGNORE
Created attachment 143969
Kickstart used to create the issue.
FYI: I tried an install again with Klaus's latest release of the lspp rpm. This time I noticed that the kickstart attempts to make sure that the service irqbalance will be running in runlevel 3; however, no such service exists. On other platforms this is a part of the irqbalance package, which does not exist for this build of s390x. I don't know if that is intentional or not, and if not intentional, if it could be affecting this, but thought I would add the information.
Requested info from Klaus: this affects both console (x3270) and ssh login. I cannot post the contents of any avc messages or logs because I have no way to log into the machine at all.
Sorry, I forgot to mention: this also does not work with enforcing=0.
You might need to start the machine in single user mode to get to the logs. We need to see the logs to figure out the problem. To start in single user, when the grub menu comes up, press "e" to edit, go to the kernel line and press "e" again, add an "S" to the end of the line, press "enter", then type "b" to boot.
Unfortunately the s390/Series Z machines use the "zipl" boot loader which (last time I used it) did not support any mechanism at all to supply arguments at boot time :-(

I've asked Kylie to edit /etc/selinux/config from a rescue Linux system, or in a shell escape during the postinstall phase of the installation, and to try removing polyinstantiation and the "require_auditd" loginuid option in the /etc/pam.d/* entries. Since she's out today, I'll see if I can access the machine.
I found the problem: the system had pam-0.99.6.2-3.5.el5 installed (from the latest RHEL5 snapshot), but the current kickstart script requires a newer PAM library that supports the "level" keyword in /etc/security/namespace.conf. (This is documented as a prerequisite for the ks script.)

From /var/log/secure:

Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): Parsing config file /etc/security/namespace.conf
Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): Illegal method
Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): Error processing conf file line /tmp
Dec 19 13:03:36 rheal3a login: Cannot make/remove an entry for the specified session

Please close the bug, the login failure was due to the incompatible packages.
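The diagnosis above can be repeated from a rescue shell by scanning /var/log/secure for pam_namespace configuration errors and tying them to the session denial that follows. This is an added example, not part of the original bug thread; the function name find_namespace_failures is hypothetical, and it assumes the reason message directly precedes the "Error processing conf file line" message, as in the lines quoted above.

```python
import re

# Lines quoted from /var/log/secure in the comment above.
SAMPLE = "\n".join([
    "Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): "
    "Parsing config file /etc/security/namespace.conf",
    "Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): Illegal method",
    "Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): "
    "Error processing conf file line /tmp",
    "Dec 19 13:03:36 rheal3a login: Cannot make/remove an entry for the specified session",
])

# timestamp, host, program (optional [pid]), message
SYSLOG = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^\s:\[]+)(?:\[\d+\])?:\s(.*)$")
PAM_NS = re.compile(r"^pam_namespace\(([^:)]+):session\):\s(.*)$")
CONF_ERR = "Error processing conf file line"
DENIED = "Cannot make/remove an entry for the specified session"


def find_namespace_failures(log_text):
    """Return one finding per namespace.conf entry that pam_namespace rejected."""
    findings, reason, last = [], {}, {}
    for raw in log_text.splitlines():
        m = SYSLOG.match(raw)
        if not m:
            continue
        ts, host, prog, msg = m.groups()
        key = (host, prog)
        ns = PAM_NS.match(msg)
        if ns:
            service, text = ns.groups()
            if text.startswith(CONF_ERR):
                # The rejected entry is named by its polyinstantiated directory.
                f = {"time": ts, "host": host, "service": service,
                     "entry": text[len(CONF_ERR):].strip(),
                     "reason": reason.pop(key, "unknown"),
                     "login_denied": False}
                findings.append(f)
                last[key] = f
            elif not text.startswith("Parsing config file"):
                reason[key] = text  # e.g. "Illegal method"
        elif msg == DENIED and key in last:
            # Same program then failed session setup: the user was locked out.
            last.pop(key)["login_denied"] = True
    return findings


if __name__ == "__main__":
    for f in find_namespace_failures(SAMPLE):
        print("{host} {service}: namespace.conf entry {entry} rejected "
              "({reason}); login denied: {login_denied}".format(**f))
```

A finding with reason "Illegal method" points at a method keyword in /etc/security/namespace.conf that the installed pam_namespace does not recognise, which is the package mismatch identified in this bug.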
Closing bug as requested.