On Tue, 31 May 2016 18:53:43 +0200 (CEST) Santiago Vila <sanv...@unex.es> wrote: > Since I upgraded to stretch, logcheck sends me messages like this each > time I do "su -" to become root: > > Security Events for su > =-=-=-=-=-=-=-=-=-=-=- > [...] mymachine su[4887]: pam_systemd(su:session): Cannot create session: > Already running in a session
logcheck was reporting the same for me, except s/su/schroot/. > Apparently, "su" is doing something which is not necessary, or in a way > which is not optimal for systemd, or maybe pam_systemd is too picky > about what "su" does. > > I don't know which of the two packages is to blame for this, so > I'm filing this report against both, libpam-systemd and login, > in the hope that you both can reach to an agreement about that. I can successfully trace this back to systemd 223-1 (with 222-2, everything is still fine). > If it happens that everything is ok and working as expected, then > it would be nice to have anyway some rule in /etc/logcheck to avoid > the message being considered as a "security event". Regards, Christian
signature.asc
Description: OpenPGP digital signature
