Zooming in to the behaviour of sssd, it appears the permission denied error happens like so:
- A working sssd installation is installed and the daemon started. Logfiles are created in /var/log/sssd, including /var/log/sssd/sssd.log, owned by and exclusively read/writable by root:

    root@syslog01:~# ls -al /var/log/sssd
    total 12
    drwxr-x--- 1 sssd sssd   4096 Jun  6 14:55 .
    drwxrwxr-x 1 root syslog 4096 Jun  6 10:45 ..
    -rw------- 1 root root      0 Jun  6 14:55 ldap_child.log
    -rw------- 1 root root      0 Jun  6 14:55 sssd_LDAP.log
    -rw------- 1 root root      0 Jun  6 14:55 sssd.log
    -rw------- 1 root root    260 Jun  6 14:56 sssd_nss.log
    -rw------- 1 root root      0 Jun  6 14:55 sssd_pam.log
    -rw------- 1 root root      0 Jun  6 14:55 sssd_ssh.log
    -rw------- 1 root root      0 Jun  6 14:55 sssd_sudo.log

- overlayfs is mounted successfully over /var/log.
- sssd is restarted (manually, or at next boot). sssd cannot open /var/log/sssd/sssd.log despite having permission to do so, with permission denied.
- Manually removing /var/log/sssd/* and restarting sssd causes sssd to start successfully, and the logfiles are recreated successfully with the same mode and user as above.

It seems overlayfs fails at the copy-up step when sssd tries to open existing logfiles that exist in the lowerdir but do not yet exist in the upperdir.

https://bugs.launchpad.net/bugs/1620744

Title:
  sssd/ntpd/postfix + overlayfs startup failure: Could not open file [/var/log/sssd/sssd.log]. Error: [13][Permission denied]

Status in linux package in Ubuntu:
  Triaged

Bug description:
  If an attempt is made to mount an overlay filesystem over the /var/log directory, this causes sssd to refuse to start up. The startup fails at the point where sssd attempts to write to its logfiles:

  sssd: Could not open file [/var/log/sssd/sssd.log]. Error: [13][Permission denied]

  sssd is running as root, and should have no problem writing to logfiles.
  Removing the -f option from sssd causes sshd to not attempt to write to /var/log/ssshd/ssshd.log and sshd startup succeeds. Running sssd without any flags logs to syslog, and this works correctly, logging to /var/log/syslog on the overlayfs filesystem.

  Removing the file /etc/apparmor.d/usr.sbin.sssd causes sssd to start up correctly, logging to the overlayfs /var/log/sssd directory without an issue.

  Looks like the apparmor configuration for sssd breaks when an overlayfs is present.
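
A diagnostic for the copy-up hypothesis in the comment above, added here as an example and not part of the original bug report or of sssd: it lists files that exist in an overlay's lowerdir but have no entry yet in its upperdir, which are the files whose first open for writing triggers a copy-up. The function name `pending_copyup` is hypothetical, and the two directory arguments are assumptions supplied by the caller (the lowerdir= and upperdir= values from the overlay's mount options).

```shell
#!/bin/sh
# pending_copyup LOWERDIR UPPERDIR   (hypothetical helper, added example)
#
# Print, one per line, the relative path of every regular file that is
# present in LOWERDIR but has no entry in UPPERDIR. On the mounted overlay
# these are the files that still need a copy-up before they can be opened
# for writing, e.g. pre-existing logfiles such as sssd/sssd.log.
#
# Limitation: a file hidden by a whiteout or opaque directory higher up in
# UPPERDIR is still listed, because only the file's own path is checked.
#
# Returns 2 if either argument is not a directory.
pending_copyup() {
    lower=$1
    upper=$2
    [ -d "$lower" ] && [ -d "$upper" ] || return 2

    (cd "$lower" && find . -type f) | sed 's|^\./||' | sort |
    while IFS= read -r rel; do
        # Any entry at the same path in upperdir (a copied-up file or a
        # whiteout) means the lower file will not be copied up again.
        if [ ! -e "$upper/$rel" ] && [ ! -L "$upper/$rel" ]; then
            printf '%s\n' "$rel"
        fi
    done
}

# Stand-alone use: sh pending_copyup.sh LOWERDIR UPPERDIR
if [ "$#" -eq 2 ]; then
    pending_copyup "$1" "$2"
fi
```

Run it as root before restarting the daemon; an empty result for the log directory corresponds to the state reached after manually removing the logfiles.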

