[Bug 1910611] Re: sssd startup fails when apparmor in enforcing mode

Mon, 25 Jan 2021 06:21:28 -0800 

Performing the verification on Groovy:

First, confirming that the current sssd manifests the bug:

# apt policy sssd
sssd:
  Installed: 2.3.1-3ubuntu2
  Candidate: 2.3.1-3ubuntu2
  Version table:
 *** 2.3.1-3ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu groovy-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.3.1-3 500
        500 http://archive.ubuntu.com/ubuntu groovy/main amd64 Packages
# aa-enforce sssd
Setting /usr/sbin/sssd to enforce mode.
# systemctl restart sssd.service
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.
# dmesg | grep DENIED
[   49.513861] audit: type=1400 audit(1611583630.788:14): apparmor="DENIED" 
operation="open" profile="/usr/sbin/sssd" name="/etc/sssd/conf.d/" pid=1876 
comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   49.514342] audit: type=1400 audit(1611583630.792:15): apparmor="DENIED" 
operation="open" profile="/usr/sbin/sssd" name="/usr/share/sssd/cfg_rules.ini" 
pid=1876 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
...

Now, confirming that the sssd on -proposed fixes the problem:

# apt policy sssd
sssd:
  Installed: 2.3.1-3ubuntu3
  Candidate: 2.3.1-3ubuntu3
  Version table:
 *** 2.3.1-3ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu groovy-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2.3.1-3ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu groovy-updates/main amd64 Packages
     2.3.1-3 500
        500 http://archive.ubuntu.com/ubuntu groovy/main amd64 Packages
# systemctl restart sssd
# echo $?
0

This verifies that the Groovy sssd package in -proposed fixes the bug.

** Tags removed: verification-needed verification-needed-groovy
** Tags added: verification-done-groovy

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1910611

Title:
  sssd startup fails when apparmor in enforcing mode

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1910611/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to