fapolicyd untrusts libpam.so after reboot
Issue
- fapolicyd untrusts libpam.so:
# fapolicyd-cli --check-trustdb | grep /usr/lib64/libpam.so.0.84.2
allow_filesystem_mark is unsupported on this kernel - ignoring
/usr/lib64/libpam.so.0.84.2 miscompares: sha256
- So we re-installed
pampackage, which resolves the issue temporarily:
# fapolicyd-cli --check-trustdb | grep /usr/lib64/libpam.so.0.84.2
allow_filesystem_mark is unsupported on this kernel - ignoring
- However, after rebooting the system, the issue resurfaced:
# fapolicyd-cli --check-trustdb | grep /usr/lib64/libpam.so.0.84.2
allow_filesystem_mark is unsupported on this kernel - ignoring
/usr/lib64/libpam.so.0.84.2 miscompares: sha256
- although sha256 is still identical:
# fapolicyd-cli -D | grep libpam.so
rpmdb /usr/lib64/libpam.so.0.84.2 66512 d388c4741df967678a9ca4075fbf9ac77c316bb21ab5c1cd695e35d11ddf5c8e
# sha256sum /usr/lib64/libpam.so.0.84.2
d388c4741df967678a9ca4075fbf9ac77c316bb21ab5c1cd695e35d11ddf5c8e /usr/lib64/libpam.so.0.84.2
Environment
- RHEL 8
- fapolicyd-1.3.2-1.el8.x86_64
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
