Due to some changes in SSSD code I've been hitting the following AVC: Jan 09 14:31:50 client1.ipa.example audit[11625]: AVC avc: denied { setpgid } for pid=11625 comm="sssd_be" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=process permissive=0 Jan 09 14:31:50 client1.ipa.example audit[11629]: AVC avc: denied { setpgid } for pid=11629 comm="sssd_ssh" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=process permissive=0 Jan 09 14:31:50 client1.ipa.example audit[11627]: AVC avc: denied { setpgid } for pid=11627 comm="sssd_sudo" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=process permissive=0 Jan 09 14:31:50 client1.ipa.example audit[11628]: AVC avc: denied { setpgid } for pid=11628 comm="sssd_pam" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=process permissive=0 Jan 09 14:31:50 client1.ipa.example audit[11626]: AVC avc: denied { setpgid } for pid=11626 comm="sssd_nss" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=process permissive=0 Jan 09 14:31:50 client1.ipa.example audit[11630]: AVC avc: denied { setpgid } for pid=11630 comm="sssd_pac" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=process permissive=0 So, the policy has to be updated for the following binaries: - sssd_autofs - sssd_be - sssd_ifp - sssd_nss - sssd_pac - sssd_pam - sssd_secrets - sssd_ssh - sssd_sudo
*** Bug 1418674 has been marked as a duplicate of this bug. ***