Bug 1072067
Summary: | SSSD Does not cache SELinux map from FreeIPA correctly | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jakub Hrozek <jhrozek> |
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Kaushik Banerjee <kbanerje> |
Severity: | high | Docs Contact: | |
Priority: | medium | | |
Version: | 7.0 | CC: | abokovoy, grajaiya, jgalipea, jhrozek, ksiddiqu, lslebodn, mkosek, nsoman, pbrezina, preichl, sbose, sgallagh, ssorce, svenkatr, william |
Target Milestone: | rc | | |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | sssd-1.11.2-54.el7 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | 1071578 | Environment: | |
Last Closed: | 2014-06-13 11:01:50 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1071578 | | |
Bug Blocks: | | | |

Description
Jakub Hrozek
2014-03-03 20:12:22 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2264

Fixed upstream:
master: 0c1a13e435ceab2038233bec3a7468c726b903b9
sssd-1-11: 5f904508153151975e860df72b66753b129a48f4

Verified.

now sssd cache persistent after reboot.

[root@rhel70-client ~]# rpm -q sssd ipa-client
sssd-1.11.2-60.el7.x86_64
ipa-client-3.3.3-25.el7.x86_64
[root@rhel70-client ~]#

Steps used for verification:
============================

On IPA Master
=============

(1) Added selinux context "staff_u" for user "tuser1" on client.

[root@master ~]# ipa hbacrule-show testrule1
  Rule name: testrule1
  Enabled: TRUE
  Users: tuser1
  Hosts: rhel70-client.testrelm.test
[root@master ~]# ipa selinuxusermap-show selinuxrule1
  Rule name: selinuxrule1
  SELinux User: staff_u:s0-s0:c0.c1023
  HBAC Rule: testrule1
  Enabled: TRUE
[root@master ~]#

On IPA Client
=============

(2) selinuxusermap context "staff_u" is shown for user "tuser1" on client machine

[root@rhel70-client ~]# ssh -l tuser1 rhel70-client.testrelm.test id -Z
tuser1.test's password:
staff_u:staff_r:staff_t:s0-s0:c0.c1023
Could not chdir to home directory /home/tuser1: No such file or directory
[root@rhel70-client ~]#

(3) Rebooted client machine

[root@rhel70-client ~]# reboot
Connection to 10.65.207.134 closed by remote host.
Connection to 10.65.207.134 closed.
[ksiddiqu@ksiddiqu ~]$
[ksiddiqu@ksiddiqu ~]$ ssh root.207.134
reverse mapping checking getaddrinfo for dhcp207-134.lab.eng.pnq.redhat.com [10.65.207.134] failed - POSSIBLE BREAK-IN ATTEMPT!
root.207.134's password:
Last login: Fri Mar 21 16:41:42 2014 from 10.65.193.58
[root@rhel70-client ~]#

(4) selinuxusermap context "staff_u" is shown for user "tuser1" on client machine even after reboot.

[root@rhel70-client ~]# ssh -l tuser1 rhel70-client.testrelm.test id -Z
tuser1.test's password:
staff_u:staff_r:staff_t:s0-s0:c0.c1023
Could not chdir to home directory /home/tuser1: No such file or directory
[root@rhel70-client ~]#

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.