Message "pam_tty_audit(sudo:session): error setting current audit status: Permission denied" is seen in /var/log/secure when sudoing from confined user (e.g. staff_u)
Issue
-
When sudoing from a confined user (e.g. staff_u or sysadm_u) and using pam_tty_audit, the following message can be seen in
/var/log/secure
$ id -Z staff_u:staff_r:staff_t:s0-s0:c0.c1023 $ sudo -r sysadm_r su # id -Z staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 #
Content of
/var/log/secure
:pam_tty_audit(sudo:session): error setting current audit status: Permission denied
Environment
- Red Hat Enterprise Linux 7.6
- confined users
- pam_tty_audit
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.