Issue Report

Guidance

Container Linux Version

$ cat /etc/os-release
NAME="Container Linux by CoreOS"
ID=coreos
VERSION=2247.6.0
VERSION_ID=2247.6.0
BUILD_ID=2019-11-06-2138
PRETTY_NAME="Container Linux by CoreOS 2247.6.0 (Rhyolite)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"

Environment

What hardware/cloud provider/hypervisor is being used to run Container Linux?

AWS

Expected Behavior

I'd expect /usr/lib64/security to contain pam_tty_audit.so

Actual Behavior

$ ls /usr/lib64/security
pam_access.so     pam_deny.so  pam_faildelay.so  pam_group.so    pam_limits.so     pam_mail.so       pam_nologin.so        pam_pwhistory.so  pam_shells.so      pam_systemd.so  pam_timestamp.so  pam_wheel.so
pam_cap.so        pam_echo.so  pam_filter        pam_issue.so    pam_listfile.so   pam_mkhomedir.so  pam_oslogin_admin.so  pam_rhosts.so     pam_sss.so         pam_tally.so    pam_umask.so      pam_xauth.so
pam_cifscreds.so  pam_env.so   pam_filter.so     pam_keyinit.so  pam_localuser.so  pam_motd.so       pam_oslogin_login.so  pam_rootok.so     pam_stress.so      pam_tally2.so   pam_unix.so
pam_debug.so      pam_exec.so  pam_ftp.so        pam_lastlog.so  pam_loginuid.so   pam_namespace.so  pam_permit.so         pam_securetty.so  pam_succeed_if.so  pam_time.so     pam_warn.so

It's not there.

Other Information

I've tried taking pam_tty_audit.so out of one of the other containers; /usr/bin/toolbox, but when I add it to my pam config for sshd, it just blows up; consequently breaking sshd.

Is there some known way to add this that I'm unaware of? I've spent days scouring google and trying to get a build container together to compile it, but I've had no success.

Thanks.

coreos / bugs

pam_tty_audit not shipped with CoreOS #2633