archlinuxhardened / selinux

PKGBUILDs to build SELinux enabled packages for Arch Linux

[enforcing][login][root/other_users] #98

Closed javlock closed 2 years ago

javlock commented 2 years ago

Why is it not possible for root or other users to log into the tty in denied mode?

fishilico commented 2 years ago

Hello, there could be an issue in the way the SELinux policy on your system is configured. In order to better debug this issue, did you find messages in /var/log/audit/audit.log related to the denials?

jMeTeora commented 2 years ago

(I am writing from another account because the hard drive died, there was no backup)

Good afternoon @fishilico, I checked with audit2allow -ar and added to my rules.

I use systemd-boot.

In kernel option: lsm=landlock,lockdown,yama,selinux,bpf

checkmodule -M -m -o jmeteora_fix.mod jmeteora_fix.te
semodule_package -o jmeteora_fix.pp -m jmeteora_fix.mod
semodule -i jmeteora_fix.pp

jMeTeora commented 2 years ago

Where, besides journalctl and /var/log/audit/*, can I see logs about authorization (also, how to enable PAM debugging)?

jMeTeora commented 2 years ago

Using sshd I can log in.

jMeTeora commented 2 years ago

The problem arose due to SELinux; solved it by turning on showing non-logged exceptions using semodule --disable_dontaudit --build

After reading, please add this hint to the repository README and close the issue.
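
Added example, not part of the thread or the repository: once `semodule --disable_dontaudit --build` makes the previously hidden denials appear in /var/log/audit/audit.log, a script like this groups the AVC records for the console login processes so the blocked access is easy to see. The sample log lines, the type names in them, and the function name `summarize_denials` are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the fields of an AVC denial record that identify who was denied what.
AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) '
    r'tclass=(?P<tclass>\S+)(?: permissive=(?P<permissive>[01]))?'
)

# Constructed sample records (not taken from the reporter's system).
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1643430000.101:201): avc:  denied  { read write } for  pid=812 comm="login" name="tty1" dev="devtmpfs" ino=20 scontext=system_u:system_r:local_login_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1643430000.105:202): avc:  denied  { open } for  pid=812 comm="login" path="/dev/tty1" dev="devtmpfs" ino=20 scontext=system_u:system_r:local_login_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1643430002.300:210): avc:  denied  { getattr } for  pid=901 comm="sshd" path="/etc/shadow" dev="sda2" ino=1311 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=USER_LOGIN msg=audit(1643430003.000:211): pid=812 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/bin/login" hostname=? addr=? terminal=tty1 res=failed'
'''


def summarize_denials(log_text, comms=("login", "agetty")):
    """Group AVC denials by (comm, source type, target type, object class).

    comms=None keeps every process. Records without a permissive= field
    are counted as blocked (assumption for older kernels).
    """
    summary = defaultdict(lambda: {"perms": set(), "blocked": 0, "logged_only": 0})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or (comms and m["comm"] not in comms):
            continue
        # Contexts are user:role:type:level; the type is what policy rules use.
        key = (m["comm"], m["scon"].split(":")[2],
               m["tcon"].split(":")[2], m["tclass"])
        entry = summary[key]
        entry["perms"].update(m["perms"].split())
        # permissive=0 means the access was really refused (enforcing mode).
        entry["blocked" if m["permissive"] != "1" else "logged_only"] += 1
    return dict(summary)


if __name__ == "__main__":
    for key, info in summarize_denials(SAMPLE_AUDIT_LOG).items():
        print(key, sorted(info["perms"]), "blocked:", info["blocked"])
```

Running `semodule --build` again without `--disable_dontaudit` restores the dontaudit rules once debugging is finished.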