The selinux_child failed:
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961 [seuser_needs_update]
(0x2000): getseuserbyname: ret: 0 seuser: unconfined_u mls: unknown
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961 [libsemanage]
(0x0020): could not cache policy database
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961 [libsemanage]
(0x0020): could not cache join database
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961 [libsemanage]
(0x0020): could not enter read-only section
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961 [libsemanage]
(0x0020): Error while reading kernel policy from
/var/lib/selinux/targeted/active/policy.linked.
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961 [set_seuser]
(0x0020): Cannot commit SELinux transaction
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961 [main] (0x0020):
Cannot set SELinux login context.
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961 [main] (0x0020):
selinux_child failed!
What is 'sestatus' telling you? If you don't use the SELInux login mapping, you
can set selinux_provider=none to work around tihs.
On Thu, Feb 15, 2018 at 09:45:43AM -, Iaroslav wrote:
> it happened again with one of our server after power lost.
>
> full logs of all sections with debug_level=10
> https://drive.google.com/open?id=1Yq2EQ0W9kSz7NhbrB-sv9EkQ2WD4mdXL
>
> sssctl user-checks test1
> user: test1
> action: acct
> service: system-auth
>
> SSSD nss user lookup result:
> - user name: test1
> - user id: 140070
> - group id: 140070
> - gecos: test1 test
> - home directory: /home/test1
> - shell: /bin/bash
>
> SSSD InfoPipe user lookup result:
> - name: test1
> - uidNumber: 140070
> - gidNumber: 140070
> - gecos: test1 test
> - homeDirectory: /home/test1
> - loginShell: /bin/bash
>
> testing pam_acct_mgmt
>
> pam_acct_mgmt: Permission denied
>
> PAM Environment:
> - no env -
>
>
> sssctl user-checks pontostroy
> user: pontostroy
> action: acct
> service: system-auth
>
> SSSD nss user lookup result:
> - user name: pontostroy
> - user id: 140014
> - group id: 140014
> - gecos: Iaroslav Andrusyak
> - home directory: /home/pontostroy
> - shell: /bin/bash
>
> SSSD InfoPipe user lookup result:
> - name: pontostroy
> - uidNumber: 140014
> - gidNumber: 140014
> - gecos: Iaroslav Andrusyak
> - homeDirectory: /home/pontostroy
> - loginShell: /bin/bash
>
> testing pam_acct_mgmt
>
> pam_acct_mgmt: System error
>
> PAM Environment:
> - no env -
> ___
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
