Bug 1414308 - SELinux AVC deny when using KDCproxy (krb5_child sssd tcp)
Summary: SELinux AVC deny when using KDCproxy (krb5_child sssd tcp)
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
Version: 7.2
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Lukas Vrabec
QA Contact: Milos Malik
Mirek Jahoda
Depends On: 1398684
TreeView+ depends on / blocked
Reported: 2017-01-18 09:34 UTC by Jaroslav Reznik
Modified: 2020-04-15 15:07 UTC (History)
14 users (show)

Fixed In Version: selinux-policy-3.13.1-60.el7_2.11
Doc Type: Bug Fix
Doc Text:
Due to a missing SELinux rule, the krb5_child process failed to retrieve a ticket from the Key Distribution Center (KDC) proxy through HTTPS. This incorrect behavior prevented System Security Services Daemon (SSSD) from completing the authentication. The rule for allowing the sssd_t domain to access a TCP socket has been added and SELinux denials no longer occur during an SSSD authentication using KDCproxy.
Clone Of: 1398684
Last Closed: 2017-01-31 16:46:48 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:0222 0 normal SHIPPED_LIVE selinux-policy bug fix update 2017-01-31 21:45:58 UTC

Description Jaroslav Reznik 2017-01-18 09:34:04 UTC
This bug has been copied from bug #1398684 and has been proposed
to be backported to 7.2 z-stream (EUS).

Comment 7 errata-xmlrpc 2017-01-31 16:46:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.