** Changed in: apparmor
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1910611
Title:
sssd startup fails when apparmor in enforcing mode
To manage notifications ab
This bug was fixed in the package sssd - 2.2.3-3ubuntu0.3
---
sssd (2.2.3-3ubuntu0.3) focal; urgency=medium
* d/apparmor-profile: Update profile. (LP: #1910611)
- Extend read permissions to /etc/sssd/** and /etc/gss/**.
- Add read/execute permission to /usr/libexec/sssd/*.
This bug was fixed in the package sssd - 2.3.1-3ubuntu3
---
sssd (2.3.1-3ubuntu3) groovy; urgency=medium
* d/apparmor-profile: Update profile. (LP: #1910611)
- Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.
- Add read/execute permission to /usr/libexec/
Performing the verification on Groovy:
First, confirming that the current sssd manifests the bug:
# apt policy sssd
sssd:
Installed: 2.3.1-3ubuntu2
Candidate: 2.3.1-3ubuntu2
Version table:
*** 2.3.1-3ubuntu2 500
500 http://archive.ubuntu.com/ubuntu groovy-updates/main amd64 Package
Performing the verification on Focal:
First, confirming that the current sssd manifests the bug:
# apt policy sssd
sssd:
Installed: 2.2.3-3ubuntu0.2
Candidate: 2.2.3-3ubuntu0.2
Version table:
*** 2.2.3-3ubuntu0.2 500
500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Pac
Hello richard, or anyone else affected,
Accepted sssd into groovy-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/sssd/2.3.1-3ubuntu3 in
a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.u
This bug was fixed in the package sssd - 2.4.0-1ubuntu3
---
sssd (2.4.0-1ubuntu3) hirsute; urgency=medium
* d/apparmor-profile: Update profile. (LP: #1910611)
- Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.
- Add read/execute permission to /usr/libexec
** Merge proposal linked:
https://code.launchpad.net/~sergiodj/ubuntu/+source/sssd/+git/sssd/+merge/396542
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1910611
Title:
sssd startup fails when ap
** Merge proposal linked:
https://code.launchpad.net/~sergiodj/ubuntu/+source/sssd/+git/sssd/+merge/396453
** Merge proposal linked:
https://code.launchpad.net/~sergiodj/ubuntu/+source/sssd/+git/sssd/+merge/396454
--
You received this bug notification because you are a member of Ubuntu
B
** Description changed:
+ [ Impact ]
+
+ sssd users on Focal, Groovy and Hirsute can experience problems when
+ setting sssd's apparmor profile to "Enforce" mode. In this scenario,
+ apparmor will prevent sssd from being able to execute programs under the
+ /usr/libexec/sssd/* path, which will c
** Also affects: sssd (Ubuntu Groovy)
Importance: Undecided
Status: New
** Also affects: sssd (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: sssd (Ubuntu Hirsute)
Importance: Undecided
Assignee: Sergio Durigan Junior (sergiodj)
Status: New
**
** Changed in: sssd (Ubuntu)
Assignee: (unassigned) => Sergio Durigan Junior (sergiodj)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1910611
Title:
sssd startup fails when apparmor in enforcin
** Tags added: server-next
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1910611
Title:
sssd startup fails when apparmor in enforcing mode
To manage notifications about this bug go to:
https://bugs
Great, thanks Richard!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1910611
Title:
sssd startup fails when apparmor in enforcing mode
To manage notifications about this bug go to:
https://bugs.lau
Applying the fix above to /etc/apparmor.d/local/usr.sbin.sssd and
running the parser replace fixed the sssd startup issue. I confirmed by
returning sssd to 'enforce' mode (aa-enforce /usr/sbin/sssd).
The 'apparmor_status' output now shows the /usr/libexec/sssd binaries as
well:
apparmor module i
Hello Richard, it looks like the profile may not have kept up with
changes in the packaging.
The profile has probably been broken ever since:
sssd (2.2.0-1) unstable; urgency=medium
* New upstream release.
* control: Bump policy to 4.4.0.
* control, compat, rules: Bump debhelper to 12.
*
16 matches
Mail list logo
