View Issue Details

IDProjectCategoryView StatusLast Update
0010635CentOS-7pampublic2016-03-30 21:18
Reportertvaughan Assigned To 
Status newResolutionopen 
Product Version7.2.1511 
Summary0010635: ANOM_ABEND Error is raised when SELinux is enabled, pam_oddjob_mkhomedir is above pam_sss, and using SSH
DescriptionWhen a system is using SELinux and pam_oddjob_mkhomedir comes above pam_sss in the 'session' section of the PAM configuration then SSH sessions using PAM will fail with the following error:

Mar 30 20:34:01 hostname audispd[992]: node=hostname type=ANOM_ABEND msg=audit(1459370041.594:534): auid=10000 uid=0 gid=0 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 pid=3697 comm="sshd" reason="memory violation" sig=6
Steps To Reproduce1) Place pam_oddjob_mkhomedir above pam_sss in the system PAM configuration.
2) Configure sshd to use PAM
3) Ensure that SELinux is enforcing
4) Attempt to login over SSH
Additional Informationkernel.x86_64                       3.10.0-327.el7
selinux-policy.noarch               3.13.1-60.el7
pam.x86_64                          1.1.8-12.el7_1.1
openssh.x86_64                      6.6.1p1-22.el7
oddjob.x86_64                       0.31.5-4.el7

Moving pam_oddjob_mkhomedir below pam_sss appears to permanently fix the issue.
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2016-03-30 21:18 tvaughan New Issue