[Bug 276777] Enabling BSM/audit security can prevent root login

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 02 Feb 2024 12:53:26 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276777

            Bug ID: 276777
           Summary: Enabling BSM/audit security can prevent root login
           Product: Base System
           Version: 13.2-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: standards
          Assignee: standards@FreeBSD.org
          Reporter: thogard@abnormal.com

When audit/BSM security auditing is turned on, console root (and other users)
says:
"login: could not calculate audit mask" 
and then refuses login.

audit(8)/BSM(Basic Security Module) is an essential component for any modern
security compliance framework so this will effect many users. See Ch 19 of the
2024 FreeBSD Handbook.

I expect an initial audit mask isn't set in a preceding chain before the getty
process accepts the login request but that is just a guess.

-- 
You are receiving this mail because:
You are the assignee for the bug.