Bug 1373265
| Field | Value |
|---|---|
| Summary | sssd need write access to /etc/sssd/ |
| Product | Red Hat Enterprise Linux 7 |
| Component | selinux-policy |
| Version | 7.3 |
| Status | CLOSED NOTABUG |
| Severity | medium |
| Priority | medium |
| Target Milestone | rc |
| Hardware | All |
| OS | Linux |
| Reporter | Patrik Kis <pkis> |
| Assignee | Lukas Vrabec <lvrabec> |
| QA Contact | Milos Malik <mmalik> |
| CC | lslebodn, lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde |
| Type | Bug |
| Last Closed | 2017-02-13 09:44:47 UTC |
Description
Patrik Kis
2016-09-05 15:58:17 UTC
A few more AVC denials appeared in permissive mode:

----
type=SYSCALL msg=audit(09/06/2016 03:18:12.063:438) : arch=x86_64 syscall=open success=yes exit=6 a0=0x7f9078cf61ba a1=O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW a2=0600 a3=0x30733a745f666e6f items=0 ppid=1 pid=16303 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:18:12.063:438) : avc: denied { write } for pid=16303 comm=sssd path=/etc/sssd/sssd.conf dev="dm-0" ino=101340868 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
type=AVC msg=audit(09/06/2016 03:18:12.063:438) : avc: denied { create } for pid=16303 comm=sssd name=sssd.conf scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
type=AVC msg=audit(09/06/2016 03:18:12.063:438) : avc: denied { add_name } for pid=16303 comm=sssd name=sssd.conf scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=dir
type=AVC msg=audit(09/06/2016 03:18:12.063:438) : avc: denied { write } for pid=16303 comm=sssd name=sssd dev="dm-0" ino=101108507 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=dir
----
type=SYSCALL msg=audit(09/06/2016 03:18:12.073:439) : arch=x86_64 syscall=fchown success=yes exit=0 a0=0x6 a1=0x0 a2=0x0 a3=0x7ffde293f570 items=0 ppid=1 pid=16303 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:18:12.073:439) : avc: denied { setattr } for pid=16303 comm=sssd name=sssd.conf dev="dm-0" ino=101340868 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
----
type=SYSCALL msg=audit(09/06/2016 03:18:12.746:440) : arch=x86_64 syscall=bind success=yes exit=0 a0=0x10 a1=0x7ffde293fa20 a2=0x29 a3=0x7ffde293f780 items=0 ppid=16303 pid=16304 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:18:12.746:440) : avc: denied { create } for pid=16304 comm=sssd name=sbus-monitor scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
----
type=SYSCALL msg=audit(09/06/2016 03:18:12.747:441) : arch=x86_64 syscall=chmod success=yes exit=0 a0=0x7f9079e31db0 a1=0777 a2=0x1 a3=0x7ffde293f780 items=0 ppid=16303 pid=16304 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:18:12.747:441) : avc: denied { setattr } for pid=16304 comm=sssd name=sbus-monitor dev="dm-0" ino=33605410 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
----
type=SYSCALL msg=audit(09/06/2016 03:18:12.747:442) : arch=x86_64 syscall=stat success=yes exit=0 a0=0x7f9079e2e2ba a1=0x7ffde293fdb0 a2=0x7ffde293fdb0 a3=0x7ffde293f9d0 items=0 ppid=16303 pid=16304 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:18:12.747:442) : avc: denied { getattr } for pid=16304 comm=sssd path=/var/lib/sss/pipes/private/sbus-monitor dev="dm-0" ino=33605410 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
----
type=SYSCALL msg=audit(09/06/2016 03:18:12.756:443) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x11 a1=0x7fff6536e710 a2=0x29 a3=0x7fff6536e480 items=0 ppid=16304 pid=16305 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd_be exe=/usr/libexec/sssd/sssd_be subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:18:12.756:443) : avc: denied { write } for pid=16305 comm=sssd_be name=sbus-monitor dev="dm-0" ino=33605410 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
----
type=SYSCALL msg=audit(09/06/2016 03:19:23.916:451) : arch=x86_64 syscall=unlink success=yes exit=0 a0=0x7f9078cf53cf a1=0x7ffde293fc44 a2=0xfffffffffffffe50 a3=0x0 items=0 ppid=1 pid=16304 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:19:23.916:451) : avc: denied { unlink } for pid=16304 comm=sssd name=sssd.pid dev="tmpfs" ino=92615 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
----
type=SYSCALL msg=audit(09/06/2016 03:19:23.916:452) : arch=x86_64 syscall=unlink success=yes exit=0 a0=0x7f9079e251d0 a1=0x0 a2=0x2f a3=0x7ffde293f7a0 items=0 ppid=1 pid=16304 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:19:23.916:452) : avc: denied { unlink } for pid=16304 comm=sssd name=sbus-monitor dev="dm-0" ino=33605410 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
----
type=SYSCALL msg=audit(09/06/2016 03:19:24.012:455) : arch=x86_64 syscall=open success=yes exit=13 a0=0x7f1b614b2cf0 a1=O_RDWR|O_CREAT a2=0666 a3=0x3 items=0 ppid=16473 pid=16474 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:19:24.012:455) : avc: denied { write } for pid=16474 comm=sssd name=sssd.ldb dev="dm-0" ino=33605407 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
----
type=SYSCALL msg=audit(09/06/2016 03:19:24.012:456) : arch=x86_64 syscall=chown success=yes exit=0 a0=0x7f1b614b32b0 a1=root a2=root a3=0x7ffebf42d390 items=0 ppid=16473 pid=16474 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:19:24.012:456) : avc: denied { setattr } for pid=16474 comm=sssd name=cache_shadowutils.ldb dev="dm-0" ino=33605408 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
----
type=SYSCALL msg=audit(09/06/2016 03:19:25.104:463) : arch=x86_64 syscall=open success=yes exit=13 a0=0x7f575f12dbf0 a1=O_RDWR|O_CREAT a2=0666 a3=0x3 items=0 ppid=16559 pid=16560 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:19:25.104:463) : avc: denied { write } for pid=16560 comm=sssd name=sssd.ldb dev="dm-0" ino=33605407 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
----
type=SYSCALL msg=audit(09/06/2016 03:19:25.104:464) : arch=x86_64 syscall=chown success=yes exit=0 a0=0x7f575f12e260 a1=root a2=root a3=0x7ffe0b83e860 items=0 ppid=16559 pid=16560 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:19:25.104:464) : avc: denied { setattr } for pid=16560 comm=sssd name=cache_shadowutils.ldb dev="dm-0" ino=33605408 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
----
type=SYSCALL msg=audit(09/06/2016 03:20:24.960:474) : arch=x86_64 syscall=open success=yes exit=13 a0=0x7f4108c127c0 a1=O_RDWR|O_CREAT a2=0666 a3=0x3 items=0 ppid=16836 pid=16837 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:20:24.960:474) : avc: denied { write } for pid=16837 comm=sssd name=sssd.ldb dev="dm-0" ino=33605407 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
----
type=SYSCALL msg=audit(09/06/2016 03:20:24.960:475) : arch=x86_64 syscall=chown success=yes exit=0 a0=0x7f4108c12eb0 a1=root a2=root a3=0x7ffceb0a6830 items=0 ppid=16836 pid=16837 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(09/06/2016 03:20:24.960:475) : avc: denied { setattr } for pid=16837 comm=sssd name=cache_shadowutils.ldb dev="dm-0" ino=33605408 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file

(In reply to Patrik Kis from comment #1)
> A few more AVC denials appeared in permissive mode:
>
> ----
> type=SYSCALL msg=audit(09/06/2016 03:18:12.063:438) : arch=x86_64
> syscall=open success=yes exit=6 a0=0x7f9078cf61ba
> a1=O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW a2=0600 a3=0x30733a745f666e6f items=0
> ppid=1 pid=16303 auid=unset uid=root gid=root euid=root suid=root fsuid=root
> egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd
> exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
> type=AVC msg=audit(09/06/2016 03:18:12.063:438) : avc: denied { write }
> for pid=16303 comm=sssd path=/etc/sssd/sssd.conf dev="dm-0" ino=101340868
> scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
> type=AVC msg=audit(09/06/2016 03:18:12.063:438) : avc: denied { create }
> for pid=16303 comm=sssd name=sssd.conf scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
> type=AVC msg=audit(09/06/2016 03:18:12.063:438) : avc: denied { add_name }
> for pid=16303 comm=sssd name=sssd.conf scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=dir
> type=AVC msg=audit(09/06/2016 03:18:12.063:438) : avc: denied { write }
> for pid=16303 comm=sssd name=sssd dev="dm-0" ino=101108507
> scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=dir
> ----
> type=SYSCALL msg=audit(09/06/2016 03:18:12.073:439) : arch=x86_64
> syscall=fchown success=yes exit=0 a0=0x6 a1=0x0 a2=0x0 a3=0x7ffde293f570
> items=0 ppid=1 pid=16303 auid=unset uid=root gid=root euid=root suid=root
> fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sssd
> exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
> type=AVC msg=audit(09/06/2016 03:18:12.073:439) : avc: denied { setattr }
> for pid=16303 comm=sssd name=sssd.conf dev="dm-0" ino=101340868
> scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
> ----

It is caused by copying default config /usr/lib64/sssd/conf/sssd.conf if /etc/sssd/sssd.conf does not exist.

> type=SYSCALL msg=audit(09/06/2016 03:18:12.746:440) : arch=x86_64
> syscall=bind success=yes exit=0 a0=0x10 a1=0x7ffde293fa20 a2=0x29
> a3=0x7ffde293f780 items=0 ppid=16303 pid=16304 auid=unset uid=root gid=root
> euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none)
> ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0
> key=(null)
> type=AVC msg=audit(09/06/2016 03:18:12.746:440) : avc: denied { create }
> for pid=16304 comm=sssd name=sbus-monitor
> scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
> ----
> type=SYSCALL msg=audit(09/06/2016 03:18:12.747:441) : arch=x86_64
> syscall=chmod success=yes exit=0 a0=0x7f9079e31db0 a1=0777 a2=0x1
> a3=0x7ffde293f780 items=0 ppid=16303 pid=16304 auid=unset uid=root gid=root
> euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none)
> ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0
> key=(null)
> type=AVC msg=audit(09/06/2016 03:18:12.747:441) : avc: denied { setattr }
> for pid=16304 comm=sssd name=sbus-monitor dev="dm-0" ino=33605410
> scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
> ----
> type=SYSCALL msg=audit(09/06/2016 03:18:12.747:442) : arch=x86_64
> syscall=stat success=yes exit=0 a0=0x7f9079e2e2ba a1=0x7ffde293fdb0
> a2=0x7ffde293fdb0 a3=0x7ffde293f9d0 items=0 ppid=16303 pid=16304 auid=unset
> uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
> fsgid=root tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd
> subj=system_u:system_r:sssd_t:s0 key=(null)
> type=AVC msg=audit(09/06/2016 03:18:12.747:442) : avc: denied { getattr }
> for pid=16304 comm=sssd path=/var/lib/sss/pipes/private/sbus-monitor
> dev="dm-0" ino=33605410 scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
> ----
> type=SYSCALL msg=audit(09/06/2016 03:18:12.756:443) : arch=x86_64
> syscall=connect success=yes exit=0 a0=0x11 a1=0x7fff6536e710 a2=0x29
> a3=0x7fff6536e480 items=0 ppid=16304 pid=16305 auid=unset uid=root gid=root
> euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none)
> ses=unset comm=sssd_be exe=/usr/libexec/sssd/sssd_be
> subj=system_u:system_r:sssd_t:s0 key=(null)
> type=AVC msg=audit(09/06/2016 03:18:12.756:443) : avc: denied { write }
> for pid=16305 comm=sssd_be name=sbus-monitor dev="dm-0" ino=33605410
> scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file

Previous seems to be related to /var/lib/sss/pipes/private/sbus-monitor
But I do not understand why tcontext is system_u:object_r:sssd_conf_t:s0.

> ----
> type=SYSCALL msg=audit(09/06/2016 03:19:23.916:451) : arch=x86_64
> syscall=unlink success=yes exit=0 a0=0x7f9078cf53cf a1=0x7ffde293fc44
> a2=0xfffffffffffffe50 a3=0x0 items=0 ppid=1 pid=16304 auid=unset uid=root
> gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
> tty=(none) ses=unset comm=sssd exe=/usr/sbin/sssd
> subj=system_u:system_r:sssd_t:s0 key=(null)
> type=AVC msg=audit(09/06/2016 03:19:23.916:451) : avc: denied { unlink }
> for pid=16304 comm=sssd name=sssd.pid dev="tmpfs" ino=92615
> scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
> ----
> type=SYSCALL msg=audit(09/06/2016 03:19:23.916:452) : arch=x86_64
> syscall=unlink success=yes exit=0 a0=0x7f9079e251d0 a1=0x0 a2=0x2f
> a3=0x7ffde293f7a0 items=0 ppid=1 pid=16304 auid=unset uid=root gid=root
> euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none)
> ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0
> key=(null)
> type=AVC msg=audit(09/06/2016 03:19:23.916:452) : avc: denied { unlink }
> for pid=16304 comm=sssd name=sbus-monitor dev="dm-0" ino=33605410
> scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
> ----
> type=SYSCALL msg=audit(09/06/2016 03:19:24.012:455) : arch=x86_64
> syscall=open success=yes exit=13 a0=0x7f1b614b2cf0 a1=O_RDWR|O_CREAT a2=0666
> a3=0x3 items=0 ppid=16473 pid=16474 auid=unset uid=root gid=root euid=root
> suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset
> comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0 key=(null)
> type=AVC msg=audit(09/06/2016 03:19:24.012:455) : avc: denied { write }
> for pid=16474 comm=sssd name=sssd.ldb dev="dm-0" ino=33605407
> scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
> ----
> type=SYSCALL msg=audit(09/06/2016 03:19:24.012:456) : arch=x86_64
> syscall=chown success=yes exit=0 a0=0x7f1b614b32b0 a1=root a2=root
> a3=0x7ffebf42d390 items=0 ppid=16473 pid=16474 auid=unset uid=root gid=root
> euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none)
> ses=unset comm=sssd exe=/usr/sbin/sssd subj=system_u:system_r:sssd_t:s0
> key=(null)
> type=AVC msg=audit(09/06/2016 03:19:24.012:456) : avc: denied { setattr }
> for pid=16474 comm=sssd name=cache_shadowutils.ldb dev="dm-0" ino=33605408
> scontext=system_u:system_r:sssd_t:s0
> tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file

cache_shadowutils.ldb says that default configuration was used.
But I do not understand why there is a wrong SELinux context there.

It's weird that /var/lib/sss/pipes/private/sbus-monitor is labeled sssd_conf_t. And sssd.pid should not be labeled sssd_conf_t.

Just for your information.
The feature of copying default sssd.conf (/usr/lib64/sssd/conf/sssd.conf) was reverted for rhel7.3 in sssd-1.14.0-36.el7

A new AVC denial appeared:

type=SYSCALL msg=audit(1473934873.287:1068): arch=c0000015 syscall=40 success=no exit=-13 a0=3fffc7d6ad88 a1=0 a2=3fff87d90fd0 a3=0 items=0 ppid=29209 pid=29496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="selinux_child" exe="/usr/libexec/sssd/selinux_child" subj=system_u:system_r:sssd_selinux_manager_t:s0 key=(null)
type=AVC msg=audit(1473934873.287:1068): avc: denied { rmdir } for pid=29496 comm="selinux_child" name="contexts" dev="dm-0" ino=101862232 scontext=system_u:system_r:sssd_selinux_manager_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir

(In reply to Patrik Kis from comment #6)
> A new AVC denial appeared:
>
> type=SYSCALL msg=audit(1473934873.287:1068): arch=c0000015 syscall=40
> success=no exit=-13 a0=3fffc7d6ad88 a1=0 a2=3fff87d90fd0 a3=0 items=0
> ppid=29209 pid=29496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="selinux_child"
> exe="/usr/libexec/sssd/selinux_child"
> subj=system_u:system_r:sssd_selinux_manager_t:s0 key=(null)
> type=AVC msg=audit(1473934873.287:1068): avc: denied { rmdir } for
> pid=29496 comm="selinux_child" name="contexts" dev="dm-0" ino=101862232
> scontext=system_u:system_r:sssd_selinux_manager_t:s0
> tcontext=system_u:object_r:default_context_t:s0 tclass=dir

This is unrelated to this BZ; file a new one.

(In reply to Lukas Slebodnik from comment #8)
> (In reply to Patrik Kis from comment #6)
>
> This is unrelated to this BZ; file a new one.

Right. See bug 1378108.

This feature was reverted in sssd upstream. And will be part of sssd-1.15.1
Feel free to close it.
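
The triage done by hand in the comments above (which objects carry sssd_conf_t, and whether that label makes sense for them) can be repeated mechanically over audit output. The Python below is an added example, not part of the bug report or of sssd or selinux-policy; the rule that sssd_conf_t belongs only to /etc/sssd content and the CONF_NAMES set are assumptions made for illustration.

```python
import re
from collections import defaultdict

# AVC records copied from this report, joined by "----" on one line the way
# the page presents them. CTX only abbreviates the repeated context pair.
CTX = "scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0"
SAMPLE = " ---- ".join([
    'type=AVC msg=audit(09/06/2016 03:18:12.063:438) : avc: denied { write } for pid=16303 comm=sssd path=/etc/sssd/sssd.conf dev="dm-0" ino=101340868 ' + CTX + " tclass=file",
    "type=AVC msg=audit(09/06/2016 03:18:12.063:438) : avc: denied { add_name } for pid=16303 comm=sssd name=sssd.conf " + CTX + " tclass=dir",
    'type=AVC msg=audit(09/06/2016 03:18:12.747:442) : avc: denied { getattr } for pid=16304 comm=sssd path=/var/lib/sss/pipes/private/sbus-monitor dev="dm-0" ino=33605410 ' + CTX + " tclass=sock_file",
    'type=AVC msg=audit(09/06/2016 03:19:23.916:451) : avc: denied { unlink } for pid=16304 comm=sssd name=sssd.pid dev="tmpfs" ino=92615 ' + CTX + " tclass=file",
    'type=AVC msg=audit(09/06/2016 03:19:24.012:456) : avc: denied { setattr } for pid=16474 comm=sssd name=cache_shadowutils.ldb dev="dm-0" ino=33605408 ' + CTX + " tclass=file",
    'type=AVC msg=audit(1473934873.287:1068): avc: denied { rmdir } for pid=29496 comm="selinux_child" name="contexts" dev="dm-0" ino=101862232 scontext=system_u:system_r:sssd_selinux_manager_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir',
])

AVC_RE = re.compile(
    r"type=AVC\s+msg=audit\(([^)]*)\)\s*:\s*avc:\s+denied\s+\{([^}]*)\}\s+for\s+"
    r"(.*?)(?=\s*(?:type=\w+\s+msg=|----|\Z))", re.S)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption for illustration: sssd_conf_t is meant for /etc/sssd content only.
CONF_TYPE, CONF_DIR, CONF_NAMES = "sssd_conf_t", "/etc/sssd", {"sssd", "sssd.conf"}

def _type(context):  # type field of a user:role:type:level context
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context

def parse_avc(text):
    """Extract AVC denials from multi-line or run-together audit text."""
    records = []
    for m in AVC_RE.finditer(text):
        kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
        records.append({
            "event": m.group(1).rsplit(":", 1)[-1],
            "perms": m.group(2).split(),
            "object": kv.get("path") or kv.get("name", "?"),
            "tclass": kv.get("tclass"),
            "source_type": _type(kv.get("scontext", "")),
            "target_type": _type(kv.get("tcontext", "")),
        })
    return records

def denied_by_object(records):
    """Map (object, tclass, target type) to the sorted permissions denied on it."""
    out = defaultdict(set)
    for r in records:
        out[(r["object"], r["tclass"], r["target_type"])].update(r["perms"])
    return {k: sorted(v) for k, v in out.items()}

def mislabeled(records):
    """Objects carrying CONF_TYPE that do not look like /etc/sssd content."""
    return sorted({r["object"] for r in records
                   if r["target_type"] == CONF_TYPE
                   and not r["object"].startswith(CONF_DIR + "/")
                   and r["object"] not in CONF_NAMES})

if __name__ == "__main__":
    print(denied_by_object(parse_avc(SAMPLE)))
    print("suspicious labels:", mislabeled(parse_avc(SAMPLE)))
```

The same functions accept the text output of `ausearch -m avc`, with or without `-i`, since both record styles appear in the sample.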