Performing the verification on Focal:
First, confirming that the current sssd manifests the bug:
# apt policy sssd sssd: Installed: 2.2.3-3ubuntu0.2 Candidate: 2.2.3-3ubuntu0.2 Version table: *** 2.2.3-3ubuntu0.2 500 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 100 /var/lib/dpkg/status 2.2.3-3ubuntu0.1 500 500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages 2.2.3-3 500 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages # aa-enforce sssd Setting /usr/sbin/sssd to enforce mode. # systemctl restart sssd.service Job for sssd.service failed because the control process exited with error code. See "systemctl status sssd.service" and "journalctl -xe" for details. # dmesg | grep DENIED [ 41.098915] audit: type=1400 audit(1611583202.421:14): apparmor="DENIED" operation="open" profile="/usr/sbin/sssd" name="/etc/sssd/conf.d/" pid=1933 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [ 41.099185] audit: type=1400 audit(1611583202.421:15): apparmor="DENIED" operation="open" profile="/usr/sbin/sssd" name="/usr/share/sssd/cfg_rules.ini" pid=1933 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 ...
Now, confirming that the sssd on -proposed fixes the problem:
# apt policy sssd sssd: Installed: 2.2.3-3ubuntu0.3 Candidate: 2.2.3-3ubuntu0.3 Version table: *** 2.2.3-3ubuntu0.3 500 500 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages 100 /var/lib/dpkg/status 2.2.3-3ubuntu0.2 500 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 2.2.3-3ubuntu0.1 500 500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages 2.2.3-3 500 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages # systemctl restart sssd # echo $? 0
This verifies that the Focal sssd package in -proposed fixes the bug.
Performing the verification on Focal:
First, confirming that the current sssd manifests the bug:
# apt policy sssd archive. ubuntu. com/ubuntu focal-updates/main amd64 Packages dpkg/status 2.3-3ubuntu0. 1 500 security. ubuntu. com/ubuntu focal-security/main amd64 Packages archive. ubuntu. com/ubuntu focal/main amd64 Packages 2.421:14) : apparmor="DENIED" operation="open" profile= "/usr/sbin/ sssd" name="/ etc/sssd/ conf.d/ " pid=1933 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 2.421:15) : apparmor="DENIED" operation="open" profile= "/usr/sbin/ sssd" name="/ usr/share/ sssd/cfg_ rules.ini" pid=1933 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
sssd:
Installed: 2.2.3-3ubuntu0.2
Candidate: 2.2.3-3ubuntu0.2
Version table:
*** 2.2.3-3ubuntu0.2 500
500 http://
100 /var/lib/
2.
500 http://
2.2.3-3 500
500 http://
# aa-enforce sssd
Setting /usr/sbin/sssd to enforce mode.
# systemctl restart sssd.service
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.
# dmesg | grep DENIED
[ 41.098915] audit: type=1400 audit(161158320
[ 41.099185] audit: type=1400 audit(161158320
...
Now, confirming that the sssd on -proposed fixes the problem:
# apt policy sssd archive. ubuntu. com/ubuntu focal-proposed/main amd64 Packages dpkg/status 2.3-3ubuntu0. 2 500 archive. ubuntu. com/ubuntu focal-updates/main amd64 Packages 2.3-3ubuntu0. 1 500 security. ubuntu. com/ubuntu focal-security/main amd64 Packages archive. ubuntu. com/ubuntu focal/main amd64 Packages
sssd:
Installed: 2.2.3-3ubuntu0.3
Candidate: 2.2.3-3ubuntu0.3
Version table:
*** 2.2.3-3ubuntu0.3 500
500 http://
100 /var/lib/
2.
500 http://
2.
500 http://
2.2.3-3 500
500 http://
# systemctl restart sssd
# echo $?
0
This verifies that the Focal sssd package in -proposed fixes the bug.