reseting password not working in KVM guest

Purres asked:

I lost the root password for a guest system.

I mounted the guest system and changed it to single user mode. Then I used virsh console to access the guest system, which was now in single user mode, and used a command echo "root":"123456" | chpasswd to reset the password.

However, after the guest system rebooted, I couldn’t access it. The new password was incorrect (Login incorrect). However, if I mount the guest system again in host, and call chroot, I verified that the new password was working by switching to a regular account, and switching back to root and entered the new password.

Both the server version and guest version of OS are the latest centos version.

My answer:

You’ve posted an SELinux denial, wherein login is being denied access to read /etc/passwd. From looking at the log entry I can see that it has an invalid security context (it should be passwd_file_t, not file_t; did you manually edit this file?).

I recommend you fix the security context on /etc/passwd (and the rest of the system just to be safe).

To fix invalid security contexts, chroot back into the filesystem and then run:

restorecon -r -v /

If this fails (e.g. because SELinux is not running in your chroot) then

touch /.autorelabel

and reboot the VM, to have it relabeled at the next reboot.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.