After updating PAM secure log started showing:
su: PAM unable to dlopen(/lib64/security/pam_rootok.so): /lib64/security/pam_rootok.so: undefined symbol: selinux_check_access
su: PAM adding faulty module: /lib64/security/pam_rootok.so
Given the name of the file this seems like a serious concern, but I can't find any information about the error. I don't let anyone log onto this server so I'm not trying to protect against local users, but I still want PAM to work properly against anyone who has gained unauthorized access.
Edit: pam_rootok.so does exist and its permissions are the same as the other files under /lib64/security. Also su seems to work since I can still move from non-root users to root.
Best Answer
The key bit of the error is
This symbol should be in
/lib64/libselinux.so.1. You might want to check that file is present, readable and has a good checksum.