Hello!
After installing apparmor 4 in today’s update I was not able to log in anymore.
I rebooted and temporarily removed apparmor from the lsm list in the kernel cmdline, and I was able to log in.
I could then check the logs:
unix_chkpwd[2434]: password check failed for user (chainofflowers)
login[2431]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty3 ruser= rhost= user=chainofflowers
kernel: audit: type=1400 audit(1729614199.564:190): apparmor="DENIED" operation="capable" class="cap" profile="unix-chkpwd" pid=2434 comm="unix_chkpwd" capability=2 capname="dac_read_search"
kernel: audit: type=1400 audit(1729614199.564:191): apparmor="DENIED" operation="capable" class="cap" profile="unix-chkpwd" pid=2434 comm="unix_chkpwd" capability=1 capname="dac_override"
I then edited /etc/apparmor.d/unix-chkpwd and added those two capabilities, rebooted (with the “regular” kernel cmdline) and everything now works as it should.
Should the /etc/apparmor.d/unix-chkpwd be updated too, before apparmor 4 lands to testing?
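
An added example, not part of the original post: a small parser that groups AppArmor `capable` denials like the two logged above by profile and renders them as `capability` rule lines for review before a profile is edited. The function names are this example's own, and the sample input is the two audit lines quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample input: the two audit lines quoted in the post above.
SAMPLE_LOG = '''\
kernel: audit: type=1400 audit(1729614199.564:190): apparmor="DENIED" operation="capable" class="cap" profile="unix-chkpwd" pid=2434 comm="unix_chkpwd" capability=2 capname="dac_read_search"
kernel: audit: type=1400 audit(1729614199.564:191): apparmor="DENIED" operation="capable" class="cap" profile="unix-chkpwd" pid=2434 comm="unix_chkpwd" capability=1 capname="dac_override"
'''

# key="quoted value" or key=bare_value
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Only well-formed capability names are ever copied out of a log line.
CAPNAME = re.compile(r"[a-z_]+")


def parse_audit_line(line):
    """Return the key=value fields of an AppArmor audit line (type=1400), else None."""
    if "type=1400" not in line or "apparmor=" not in line:
        return None
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}


def denied_capabilities(log_text):
    """Map profile name -> sorted capability names denied with operation="capable"."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_audit_line(line)
        if not fields or fields.get("apparmor") != "DENIED":
            continue
        if fields.get("operation") != "capable":
            continue  # file, network and other denials need different rules
        cap = fields.get("capname", "")
        if "profile" in fields and CAPNAME.fullmatch(cap):
            denied[fields["profile"]].add(cap)
    return {profile: sorted(caps) for profile, caps in denied.items()}


def candidate_rules(log_text):
    """Render the denials as AppArmor rule lines, per profile, for manual review."""
    return {profile: [f"capability {cap}," for cap in caps]
            for profile, caps in denied_capabilities(log_text).items()}


if __name__ == "__main__":
    for profile, rules in candidate_rules(SAMPLE_LOG).items():
        print(f"profile {profile}:")
        for rule in rules:
            print(f"  {rule}")
```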