Ядро 3.3.1-un-def-alt1 Если сделать service sshd restart, получаем при логине по ssh такое: Apr 9 15:40:36 host-245 sshd[5056]: Accepted publickey for george from 10.6.16.13 port 37685 ssh2 Apr 9 15:40:36 host-245 sshd[5056]: pam_tcb(sshd:session): Session opened for george by (uid=0) Apr 9 15:40:36 host-245 sshd[5056]: pam_loginuid(sshd:session): set_loginuid failed Apr 9 15:40:36 host-245 sshd[5056]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session Apr 9 15:40:36 host-245 sshd[5061]: Received disconnect from 10.6.16.13: 11: disconnected by user Та же песня с KDM, т. е. после рестарта этих сервисов залогиниться нельзя. На 3.3.1-std-def-alt1 не воспроизводится. Что странно, /proc/`pidof sshd`/loginuid в первый раз (до service sshd restart) содержит -1, а во все остальные разы -- 0, но другим ядрам это не мешало.
from init/Kconfig: config AUDIT_LOGINUID_IMMUTABLE bool "Make audit loginuid immutable" depends on AUDIT help The config option toggles if a task setting its loginuid requires CAP_SYS_AUDITCONTROL or if that task should require no special permissions but should instead only allow setting its loginuid if it was never previously set. On systems which use systemd or a similar central process to restart login services this should be set to true. On older systems in which an admin would typically have to directly stop and start processes this should be set to false. Setting this to true allows one to drop potentially dangerous capabilites from the login tasks, but may not be backwards compatible with older init systems.
в 3.3.2* работает