sssd's apparmor profile needs chown capability
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
sssd (Ubuntu) | Fix Released | Low | Andreas Hasenack |
Bug Description
When starting sssd, we can see a warning in the logs when apparmor is in complain mode:
Jun 21 18:36:52 15-89 kernel: [ 1641.660315] audit: type=1400 audit(149807021
In enforce mode sssd fails to start:
# service sssd start
Job for sssd.service failed because the control process exited with error code. See "systemctl status sssd.service" and "journalctl -xe" for details.
/var/log/syslog:
Jun 21 18:37:31 15-89 systemd[1]: Starting System Security Services Daemon...
Jun 21 18:37:31 15-89 kernel: [ 1681.480758] audit: type=1400 audit(149807025
Jun 21 18:37:31 15-89 sssd: Cannot read config file /etc/sssd/
Jun 21 18:37:31 15-89 systemd[1]: sssd.service: Main process exited, code=exited, status=
Jun 21 18:37:31 15-89 systemd[1]: Failed to start System Security Services Daemon.
Jun 21 18:37:31 15-89 systemd[1]: sssd.service: Unit entered failed state.
Jun 21 18:37:31 15-89 systemd[1]: sssd.service: Failed with result 'exit-code'.
Changed in sssd (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
status: New → In Progress
importance: Undecided → Low
This bug was fixed in the package sssd - 1.15.2-1ubuntu2
---------------
sssd (1.15.2-1ubuntu2) artful; urgency=medium

  * d/apparmor-profile:
    - allow the chown capability (LP: #1699576)
    - allow sssd to notify systemd during startup (LP: #1689387)

 -- Andreas Hasenack <email address hidden>  Wed, 21 Jun 2017 15:50:35 -0300
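The complain-mode warning and enforce-mode failure reported above both surface as `type=1400` kernel audit records. The following is an added example, not part of the bug report or the sssd packaging, showing one way to pull capability events out of such a log and list the `capability` rules a profile would need. The log lines on this page are truncated, so the sample lines, host name, pids and audit serials below are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel audit format AppArmor uses; the
# page's own log lines are truncated, so these values are illustrative only.
SAMPLE_LOG = """\
Jun 21 18:36:52 host kernel: [ 1641.660315] audit: type=1400 audit(1111111111.111:40): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/sssd" pid=2001 comm="sssd" capability=0  capname="chown"
Jun 21 18:37:31 host kernel: [ 1681.480758] audit: type=1400 audit(1111111150.222:41): apparmor="DENIED" operation="capable" profile="/usr/sbin/sssd" pid=2050 comm="sssd" capability=0  capname="chown"
Jun 21 18:37:32 host kernel: [ 1682.000001] audit: type=1400 audit(1111111151.333:42): apparmor="DENIED" operation="open" profile="/usr/sbin/example" name="/etc/example.conf" pid=2051 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun 21 18:37:31 host systemd[1]: sssd.service: Failed with result 'exit-code'.
"""

# key=value pairs; values are either double-quoted or a bare token.
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_apparmor_event(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    if "type=1400" not in line or "apparmor=" not in line:
        return None
    return {k: v.strip('"') for k, v in KV.findall(line)}

def capability_events(log_text):
    """Map profile -> {capname: set of verdicts} for operation="capable" events."""
    found = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        ev = parse_apparmor_event(line)
        if ev and ev.get("operation") == "capable" and "capname" in ev:
            found[ev["profile"]][ev["capname"]].add(ev["apparmor"])
    return {p: dict(c) for p, c in found.items()}

def suggested_rules(log_text):
    """Render candidate 'capability <name>,' profile rules for human review."""
    return {p: [f"capability {c}," for c in sorted(caps)]
            for p, caps in capability_events(log_text).items()}

if __name__ == "__main__":
    for profile, caps in capability_events(SAMPLE_LOG).items():
        for cap, verdicts in sorted(caps.items()):
            print(f"{profile}: {cap} ({', '.join(sorted(verdicts))})")
    print(suggested_rules(SAMPLE_LOG))
```

`ALLOWED` verdicts come from complain mode and `DENIED` from enforce mode, so seeing both for the same capability matches the two behaviours described in the report. Each suggested rule widens what the confined daemon may do and should be reviewed before it goes into a profile.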