The selinux_child failed: (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [seuser_needs_update] (0x2000): getseuserbyname: ret: 0 seuser: unconfined_u mls: unknown (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] (0x0020): could not cache policy database (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] (0x0020): could not cache join database (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] (0x0020): could not enter read-only section (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] (0x0020): Error while reading kernel policy from /var/lib/selinux/targeted/active/policy.linked. (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [set_seuser] (0x0020): Cannot commit SELinux transaction (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [main] (0x0020): Cannot set SELinux login context. (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [main] (0x0020): selinux_child failed!
What is 'sestatus' telling you? If you don't use the SELInux login mapping, you can set selinux_provider=none to work around tihs. On Thu, Feb 15, 2018 at 09:45:43AM -0000, Iaroslav wrote: > it happened again with one of our server after power lost. > > full logs of all sections with debug_level=10 > https://drive.google.com/open?id=1Yq2EQ0W9kSz7NhbrB-sv9EkQ2WD4mdXL > > sssctl user-checks test1 > user: test1 > action: acct > service: system-auth > > SSSD nss user lookup result: > - user name: test1 > - user id: 1400000070 > - group id: 1400000070 > - gecos: test1 test > - home directory: /home/test1 > - shell: /bin/bash > > SSSD InfoPipe user lookup result: > - name: test1 > - uidNumber: 1400000070 > - gidNumber: 1400000070 > - gecos: test1 test > - homeDirectory: /home/test1 > - loginShell: /bin/bash > > testing pam_acct_mgmt > > pam_acct_mgmt: Permission denied > > PAM Environment: > - no env - > > > sssctl user-checks pontostroy > user: pontostroy > action: acct > service: system-auth > > SSSD nss user lookup result: > - user name: pontostroy > - user id: 1400000014 > - group id: 1400000014 > - gecos: Iaroslav Andrusyak > - home directory: /home/pontostroy > - shell: /bin/bash > > SSSD InfoPipe user lookup result: > - name: pontostroy > - uidNumber: 1400000014 > - gidNumber: 1400000014 > - gecos: Iaroslav Andrusyak > - homeDirectory: /home/pontostroy > - loginShell: /bin/bash > > testing pam_acct_mgmt > > pam_acct_mgmt: System error > > PAM Environment: > - no env - > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org