Comment 1 for bug 1913470

Nish Aravamudan (nacc) wrote :

1) # aa-enforce usr.sbin.sssd (default)

journal contains:

Jan 27 17:46:27 s2r5node66 sssd[3382]: ldb: unable to open modules directory '/usr/lib/x86_64-linux-gnu/ldb/modules/ldb'
Jan 27 17:46:25 s2r5node66 systemd[1]: Starting System Security Services Daemon...
Jan 27 17:46:25 s2r5node66 systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
Jan 27 17:46:25 s2r5node66 systemd[1]: sssd.service: Failed with result 'exit-code'.
Jan 27 17:46:25 s2r5node66 systemd[1]: Failed to start System Security Services Daemon.

2) # aa-complain usr.sbin.sssd; systemctl restart sssd

Jan 27 17:50:07 s2r5node66 audit[10294]: AVC apparmor="ALLOWED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/sssd" name="usr/lib/x86_64-linux-gnu/ldb/modules/ldb" pid=10294 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

3) modify /etc/apparmor/usr.sbin.sssd

/usr/sbin/sssd flags=(complain,attach_disconnected) {

# aa-enforce usr.sbin.sssd

/usr/sbin/sssd flags=(attach_disconnected) {

# systemctl restart sssd

● sssd.service - System Security Services Daemon
   Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-01-27 17:53:06 UTC; 7s ago

and ssh works again.
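
As an added example (not part of the original comment and not code from sssd or AppArmor), the Python below scans journal text for AVC records like the one in step 2 and reports profiles that hit "disconnected path" lookups while their header lacks the attach_disconnected flag from step 3. The function names, the second log line and the unmodified header string are constructed for illustration.

```python
import re

# Constructed sample input: the first record is the one quoted in step 2;
# the second is a made-up ordinary denial, included for contrast.
SAMPLE_LOG = '''\
Jan 27 17:50:07 s2r5node66 audit[10294]: AVC apparmor="ALLOWED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/sssd" name="usr/lib/x86_64-linux-gnu/ldb/modules/ldb" pid=10294 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 27 17:50:09 host audit[10301]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/example" name="/etc/shadow" pid=10301 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')   # key="quoted value" or key=bare
FLAGS = re.compile(r'flags=\(([^)]*)\)')    # flags=(a,b) in a profile header
MARKER = "disconnected path"

def parse_avc(line):
    """Return the key=value fields of an AppArmor audit record, or None."""
    if "apparmor=" not in line:
        return None
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in KV.findall(line)}

def disconnected_profiles(log_text):
    """Map each profile to the sorted paths that failed as disconnected."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and MARKER in rec.get("info", ""):
            # In the record above, name= has no leading slash for such paths.
            hits.setdefault(rec.get("profile", "?"), set()).add(rec.get("name", ""))
    return {p: sorted(n) for p, n in hits.items()}

def profile_flags(header):
    """Extract the flag set from a profile header such as the one in step 3."""
    m = FLAGS.search(header)
    return {f for f in re.split(r"[,\s]+", m.group(1)) if f} if m else set()

def needs_attach_disconnected(log_text, headers):
    """Profiles with disconnected-path events whose header lacks the flag."""
    return sorted(p for p in disconnected_profiles(log_text)
                  if "attach_disconnected" not in profile_flags(headers.get(p, "")))

if __name__ == "__main__":
    before = {"/usr/sbin/sssd": "/usr/sbin/sssd {"}  # constructed pre-change header
    after = {"/usr/sbin/sssd": "/usr/sbin/sssd flags=(attach_disconnected) {"}
    print(needs_attach_disconnected(SAMPLE_LOG, before))
    print(needs_attach_disconnected(SAMPLE_LOG, after))
```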