SSSD Prevented from Notifying Systemd on Startup by Apparmor
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
sssd (Ubuntu) | Fix Released | Low | Andreas Hasenack |
Bug Description
Release Details:
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Package version: sssd-common 1.13.4-1ubuntu1.5
=======
Expected: Upon updating sssd-common on 16.04, the sssd service is successfully restarted via:
systemctl --system daemon-reload >/dev/null || true
Observed: The postinst script for sssd-common fails when the systemd service reports a "timeout":
"Job for sssd.service failed because a timeout was exceeded. See "systemctl status sssd.service" and "journalctl -xe" for details."
=======
On 16.04, sssd attempts to notify systemd on startup (via a call to sd_notify). Apparmor prevents this.
Relevant debug log messages from sssd:
(Mon May 8 18:36:29 2017) [sssd] [mark_service_
(Mon May 8 18:36:29 2017) [sssd] [mark_service_
Corresponding apparmor complaint entries:
kernel: [425822.018708] audit: type=1400 audit(149426858
Adding the following entry to the loaded apparmor profiles sees the issue resolved:
/{,var/
This may ultimately be an issue with the packaged apparmor profiles for 16.04, but we first saw it manifest upon upgrading sssd-common to 1.13.4-1ubuntu1.5.
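A triage sketch for the failure described in this report, added here as an example and not part of the original bug report or the sssd package: it groups AppArmor DENIED audit entries by profile and flags a profile that was refused write access to the systemd notification socket. The log lines are constructed, and the profile name `/usr/sbin/sssd` and the socket path `/run/systemd/notify` are assumptions.

```python
import re
from collections import Counter

# Constructed sample kernel log lines (not taken from the bug report).
SAMPLE_LOG = """\
kernel: [100.000001] audit: type=1400 audit(1500000000.001:11): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/sssd" name="/run/systemd/notify" pid=1201 comm="sssd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
kernel: [100.000002] audit: type=1400 audit(1500000000.002:12): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/sssd" name="/run/systemd/notify" pid=1201 comm="sssd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
kernel: [100.000003] audit: type=1400 audit(1500000000.003:13): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/etc/sssd/sssd.conf" pid=1201 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kernel: [100.000004] audit: type=1400 audit(1500000000.004:14): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/hosts.bak" pid=1300 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key=value pairs as they appear in audit records; values may be quoted.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption: the usual path of systemd's notification socket.
NOTIFY_SOCKET = "/run/systemd/notify"


def parse_audit(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    if "apparmor=" not in line:
        return None
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def denials(log, profile=None):
    """Count DENIED events per (profile, operation, name, denied_mask)."""
    counts = Counter()
    for line in log.splitlines():
        rec = parse_audit(line)
        if not rec or rec.get("apparmor") != "DENIED":
            continue  # skip non-AppArmor lines and complain-mode ALLOWED entries
        if profile and rec.get("profile") != profile:
            continue
        key = (rec.get("profile"), rec.get("operation"),
               rec.get("name"), rec.get("denied_mask"))
        counts[key] += 1
    return counts


def notify_blocked(log, profile, socket=NOTIFY_SOCKET):
    """True if the profile was denied write access to the notify socket."""
    return any(name == socket and "w" in (mask or "")
               for (_, _, name, mask) in denials(log, profile))


if __name__ == "__main__":
    for key, n in denials(SAMPLE_LOG).items():
        print(n, *key)
    print("sd_notify blocked:", notify_blocked(SAMPLE_LOG, "/usr/sbin/sssd"))
```

A denied write to the notification socket for a service that systemd then reports as timed out on start matches the symptom in this report.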
tags: added: bitesize server-next
Changed in sssd (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in sssd (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
Changed in sssd (Ubuntu):
status: Triaged → In Progress
The sd_notify call that shows up in this diff may be implicated: https://launchpadlibrarian.net/318369261/sssd_1.13.4-1ubuntu1.2_1.13.4-1ubuntu1.5.diff.gz