[Bug 1910611] Re: sssd startup fails when apparmor in enforcing mode

Mon, 25 Jan 2021 06:21:25 -0800 

Performing the verification on Focal:

First, confirming that the current sssd manifests the bug:

# apt policy sssd
sssd:
  Installed: 2.2.3-3ubuntu0.2
  Candidate: 2.2.3-3ubuntu0.2
  Version table:
 *** 2.2.3-3ubuntu0.2 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.2.3-3ubuntu0.1 500
        500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
     2.2.3-3 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
# aa-enforce sssd
Setting /usr/sbin/sssd to enforce mode.
# systemctl restart sssd.service
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.
# dmesg | grep DENIED
[   41.098915] audit: type=1400 audit(1611583202.421:14): apparmor="DENIED" 
operation="open" profile="/usr/sbin/sssd" name="/etc/sssd/conf.d/" pid=1933 
comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   41.099185] audit: type=1400 audit(1611583202.421:15): apparmor="DENIED" 
operation="open" profile="/usr/sbin/sssd" name="/usr/share/sssd/cfg_rules.ini" 
pid=1933 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
...

Now, confirming that the sssd on -proposed fixes the problem:

# apt policy sssd
sssd:
  Installed: 2.2.3-3ubuntu0.3
  Candidate: 2.2.3-3ubuntu0.3
  Version table:
 *** 2.2.3-3ubuntu0.3 500
        500 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2.2.3-3ubuntu0.2 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
     2.2.3-3ubuntu0.1 500
        500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
     2.2.3-3 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
# systemctl restart sssd
# echo $?
0

This verifies that the Focal sssd package in -proposed fixes the bug.

** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1910611

Title:
  sssd startup fails when apparmor in enforcing mode

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1910611/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to