On Tue, Jul 7, 2020 at 2:40 AM Joshua Schaeffer
<jschaef...@harmonywave.com> wrote:
>
> Looking for some help with getting slapd to be able to connect to saslauthd 
> inside an LXD container. Whenever slapd needs to connect to the socket I see 
> the following error message in the host's kernel log:
>
>     Jul  6 13:27:17 host kernel: [923413.078592] audit: type=1400 audit(1594063637.667:51106): apparmor="DENIED" operation="connect" namespace="root//lxd-container1_<var-lib-lxd>" profile="/usr/sbin/slapd" name="/run/saslauthd/mux" pid=58517 comm="slapd" requested_mask="wr" denied_mask="wr" fsuid=10000111 ouid=10000000
>
> I've added the following to the container config and restarted the container, 
> but I'm still seeing the same problem:
>
>     lxcuser@host:~$ lxc config get container1 raw.apparmor
>     /run/saslauthd/mux wr,
>
> I'm not super familiar with AppArmor and going through the docs now, but 
> thought I'd ask to see if anybody can point me in the right direction.

I'm guessing you haven't tested the same slapd setup on VM/baremetal
either? Try https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1557157

Looks like the fix is in groovy's openldap already, with other
releases pending. Try editing /etc/apparmor.d/usr.sbin.slapd inside
the container.

-- 
Fajar
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
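
The denial quoted in this thread names the profile `/usr/sbin/slapd` inside the container's AppArmor namespace, so the rule belongs in that profile rather than in the container-level `raw.apparmor`. The following is an added example, not part of the original thread: it parses such an audit line and derives the candidate rule. The function names are hypothetical, and the sample is the log line from the thread joined onto one line.

```python
import re

# Constructed sample: the denial quoted in the thread, joined onto one line.
SAMPLE = ('Jul  6 13:27:17 host kernel: [923413.078592] audit: type=1400 '
          'audit(1594063637.667:51106): apparmor="DENIED" operation="connect" '
          'namespace="root//lxd-container1_<var-lib-lxd>" '
          'profile="/usr/sbin/slapd" name="/run/saslauthd/mux" pid=58517 '
          'comm="slapd" requested_mask="wr" denied_mask="wr" '
          'fsuid=10000111 ouid=10000000')

# key="quoted value" or key=bare_value
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the key=value fields of an AppArmor audit line as a dict."""
    return {k: (bare if bare else quoted) for k, quoted, bare in KV.findall(line)}


def suggest(fields):
    """Say which profile denied the access and which rule it is missing."""
    ns = fields.get("namespace", "")
    # "root//<child>" is a child policy namespace of the host's root
    # namespace; a profile reported there was loaded inside the container.
    child_ns = ns.split("//", 1)[1] if "//" in ns else None
    # Normalise the denied mask ("wr") into sorted permission letters ("rw").
    perms = "".join(sorted(set(fields["denied_mask"])))
    return {
        "profile": fields["profile"],
        "loaded_in": child_ns or "host (root namespace)",
        "rule": f'{fields["name"]} {perms},',
    }


if __name__ == "__main__":
    result = suggest(parse_denial(SAMPLE))
    print("denying profile :", result["profile"])
    print("policy namespace:", result["loaded_in"])
    print("candidate rule  :", result["rule"])
```

The candidate rule is what would go inside the `/usr/sbin/slapd` profile block of `/etc/apparmor.d/usr.sbin.slapd` in the container; compare it with the fix in the linked bug before applying it.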
