[Unstable Update] October 2024 Edition

Hello!

After installing apparmor 4 in today’s update I was not able to log in anymore.
I rebooted and temporary removed apparmor from the lsm list in the kernel cmdline, and I was able to log in.
I could then check the logs:

unix_chkpwd[2434]: password check failed for user (chainofflowers)
login[2431]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty3 ruser= rhost=  user=chainofflowers
kernel: audit: type=1400 audit(1729614199.564:190): apparmor="DENIED" operation="capable" class="cap" profile="unix-chkpwd" pid=2434 comm="unix_chkpwd" capability=2  capname="dac_read_search"
kernel: audit: type=1400 audit(1729614199.564:191): apparmor="DENIED" operation="capable" class="cap" profile="unix-chkpwd" pid=2434 comm="unix_chkpwd" capability=1  capname="dac_override"

I then edited /etc/apparmor.d/unix-chkpwd and added those two capabilities, rebooted (with the “regular” kernel cmdline) and everything now works as it should.

Should the /etc/apparmor.d/unix-chkpwd be updated too, before apparmor 4 lands to testing?

1 Like