Description of problem: SELinux is preventing /usr/sbin/sshd from read access on the file /var/lib/sss/mc/passwd Version-Release number of selected component (if applicable): selinux-policy-3.7.19-169.el6 How reproducible: Always Steps to Reproduce: 1. Setup sssd to perform a auth. 2. Try to auth as a user. Auth succeeds, but AVC appears. Actual results: On performing a auth, audit.log shows: type=SYSCALL msg=audit(1350289695.662:350): arch=c000003e syscall=2 success=no exit=-13 a0=7ffa6e552b10 a1=80000 a2=0 a3=17 items=0 ppid=5510 pid=20718 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1350289695.662:350): avc: denied { read } for pid=20718 comm="sshd" name="passwd" dev=dm-0 ino=1713209 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:sssd_var_lib_t:s0 tclass=file Expected results: AVC should not appear on performing a auth. Additional info: The following steps solves the issue: # semanage fcontext -a -t sssd_public_t "/var/lib/sss/mc(/.*)?" # restorecon -R -v /var/lib/sss/mc/
We need to backport fixes from Fedora.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0314.html