The latest ~x86 version of pam appears to break policycoreutils, due to the last of the pam_stack.so module. Note that I'm pretty sure this is a different problem than bug #156124: I'm not getting any undefined symbol errors with pam_selinux itself. Instead, the problem is that the pam configs installed by policycoreutils look like this: #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_xauth.so (This is for /etc/pam.d/newrole and /etc/pam.d/run_init) Since pam_stack no longer exists (and isn't needed), they should probably look like this: #%PAM-1.0 auth include system-auth account include system-auth password include system-auth session include system-auth session optional /lib/security/pam_xauth.so
not a security issue/vulnerability reassigning to hardened
reassigning to selinux to make it eaiser for them to find this bug.
fixed in policycoreutils-1.34.1