Ubuntu
sssd package

  1. Bug #1175317
  2. Comment #0

Comment 0 for bug 1175317

Revision history for this message
Oliver Brakmann (obrakmann) wrote :

An incorrect path statement in sssd's apparmor profile prevents sssd from forking its helper services. The corresponding log messages look like this:

/var/log/syslog:
May 1 21:55:17 ares sssd: Starting up
May 1 21:55:18 ares kernel: [ 23.115299] type=1400 audit(1367438118.048:16): apparmor="DENIED" operation="exec" parent=925 profile="/usr/sbin/sssd" name="/usr/lib/x86_64-linux-gnu/sssd/sssd_be" pid=929 comm="sssd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
May 1 21:55:18 ares kernel: [ 23.152108] type=1400 audit(1367438118.088:17): apparmor="DENIED" operation="exec" parent=925 profile="/usr/sbin/sssd" name="/usr/lib/x86_64-linux-gnu/sssd/sssd_be" pid=930 comm="sssd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
May 1 21:55:24 ares kernel: [ 29.156118] type=1400 audit(1367438124.092:48): apparmor="DENIED" operation="exec" parent=925 profile="/usr/sbin/sssd" name="/usr/lib/x86_64-linux-gnu/sssd/sssd_be" pid=1293 comm="sssd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

/etc/apparmor.d/usr.sbin.sssd contains this line:

  /usr/lib/sssd/sssd/* rix,

It has to be changed to look like this to make sssd work again:
  /usr/lib/@{multiarch}/sssd/* rix,

The bug affects Ubuntu 13.04 (and probably Saucy) only.