Public bug reported: https://autopkgtest.ubuntu.com/packages/o/openldap/lunar/amd64
autopkgtest [16:06:32]: test smbk5pwd: [----------------------- adding new entry "cn=samba,cn=schema,cn=config" SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "cn=hdb,cn=schema,cn=config" SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=module{0},cn=config" adding new entry "olcOverlay=smbk5pwd,olcDatabase={1}mdb,cn=config" ldap_add: Other (e.g., implementation specific) error (80) additional info: <olcSmbK5PwdEnable> handler exited with 1 autopkgtest [16:06:33]: test smbk5pwd: -----------------------] autopkgtest [16:06:33]: test smbk5pwd: - - - - - - - - - - results - - - - - - - - - - smbk5pwd FAIL non-zero exit status 80 I reproduced this in a container, and the failure is two-fold: a) /var/lib/heimdal-kdc/ is root:root 0700, and the slapd server needs FS read access to the key b) Then the slapd apparmor profile blocks it: [qui fev 2 09:54:02 2023] audit: type=1400 audit(1675342444.436:3242): apparmor="DENIED" operation="open" class="file" namespace="root//lxd-l-dep8_<var-snap-lxd-common-lxd>" profile="/usr/sbin/slapd" name="/var/lib/heimdal-kdc/m-key" pid=1161656 comm="slapd" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=1000000 ** Affects: openldap (Ubuntu) Importance: Undecided Status: New ** Tags: update-excuse -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2004560 Title: smbk5pwd test fails due to perms (FS and AppArmor) Status in openldap package in Ubuntu: New Bug description: https://autopkgtest.ubuntu.com/packages/o/openldap/lunar/amd64 autopkgtest [16:06:32]: test smbk5pwd: [----------------------- adding new entry "cn=samba,cn=schema,cn=config" SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "cn=hdb,cn=schema,cn=config" SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=module{0},cn=config" adding new entry "olcOverlay=smbk5pwd,olcDatabase={1}mdb,cn=config" ldap_add: Other (e.g., implementation specific) error (80) additional info: <olcSmbK5PwdEnable> handler exited with 1 autopkgtest [16:06:33]: test smbk5pwd: -----------------------] autopkgtest [16:06:33]: test smbk5pwd: - - - - - - - - - - results - - - - - - - - - - smbk5pwd FAIL non-zero exit status 80 I reproduced this in a container, and the failure is two-fold: a) /var/lib/heimdal-kdc/ is root:root 0700, and the slapd server needs FS read access to the key b) Then the slapd apparmor profile blocks it: [qui fev 2 09:54:02 2023] audit: type=1400 audit(1675342444.436:3242): apparmor="DENIED" operation="open" class="file" namespace="root//lxd-l-dep8_<var-snap-lxd-common-lxd>" profile="/usr/sbin/slapd" name="/var/lib/heimdal-kdc/m-key" pid=1161656 comm="slapd" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=1000000 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2004560/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp