Red Hat Bugzilla – Bug 799968
Policy for SSSD should allow CAP_SYS_RESOURCE
Last modified: 2012-10-16 07:03:05 EDT
Description of problem:
SSSD sometimes handles very busy systems with more than 4k processes running simultaneously. We need the CAP_SYS_RESOURCE privilege to request a higher open file-descriptor limit to achieve this.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Start sssd-1.8.0-11.el6
2. See AVC about SSSD requesting more file descriptors
SSSD is denied privileges to request 8k descriptors.
SSSD should be allowed to perform this action.
Internally, we handle the denial gracefully and just set our limits to the available maximum.
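The fallback described in the report above, sketched as an added example; this is not SSSD's source code. The helper `raise_nofile_limit` and its result enum are hypothetical names, and 8192 stands in for the "8k descriptors" mentioned in the report.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>

enum nofile_result { NOFILE_ERROR = -1, NOFILE_OK = 0, NOFILE_CLAMPED = 1 };

/* Hypothetical helper: ask for `wanted` open file descriptors. If the
 * kernel refuses to raise the hard limit, settle for the existing hard
 * limit. The resulting soft limit is stored in *got. */
enum nofile_result raise_nofile_limit(rlim_t wanted, rlim_t *got)
{
    struct rlimit cur, req;

    if (getrlimit(RLIMIT_NOFILE, &cur) != 0)
        return NOFILE_ERROR;
    *got = cur.rlim_cur;
    if (cur.rlim_cur >= wanted)
        return NOFILE_OK;                 /* already enough; never lower it */

    /* Raising the soft limit up to the hard limit needs no capability.
     * Raising the hard limit itself needs CAP_SYS_RESOURCE; when SELinux
     * policy denies that capability, setrlimit() fails with EPERM and the
     * denial is logged as an AVC. */
    req.rlim_cur = wanted;
    req.rlim_max = (wanted <= cur.rlim_max) ? cur.rlim_max : wanted;
    if (setrlimit(RLIMIT_NOFILE, &req) == 0) {
        *got = wanted;
        return NOFILE_OK;
    }
    if (errno != EPERM)
        return NOFILE_ERROR;

    /* Denied: use the available maximum instead of failing. */
    req.rlim_cur = cur.rlim_max;
    req.rlim_max = cur.rlim_max;
    if (setrlimit(RLIMIT_NOFILE, &req) != 0)
        return NOFILE_ERROR;
    *got = cur.rlim_max;
    return NOFILE_CLAMPED;
}

int main(void)
{
    rlim_t got = 0;
    enum nofile_result rc = raise_nofile_limit(8192, &got);

    printf("result=%d soft_limit=%llu\n", (int)rc, (unsigned long long)got);
    return rc == NOFILE_ERROR;
}
```

A `NOFILE_CLAMPED` result is the case the report describes: the daemon keeps running with fewer descriptors than it asked for, while the capability check still produces the AVC.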
Fixed in selinux-policy-3.7.19-139.el6
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.