[Bug 1557157] Re: apparmor profile denied for saslauthd: /run/saslauthd/mux

Andreas Hasenack Wed, 08 Jul 2020 10:35:24 -0700

bionic verification

First reproducing the problem:
  Version table:
 *** 2.4.45+dfsg-1ubuntu1.5 500
        500 http://br.archive.ubuntu.com/ubuntu bionic-updates/main amd64 
Packages
        500 http://br.archive.ubuntu.com/ubuntu bionic-security/main amd64 
Packages
        100 /var/lib/dpkg/status


Command fails:
root@bionic-openldap-saslauthd-1557157:~# ldapsearch -H ldapi:/// -LLL -b 
'dc=example,dc=com' -s base -U root -Y PLAIN
SASL/PLAIN authentication started
Please enter your password: 
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
        additional info: SASL(-1): generic failure: Password verification failed

And dmesg shows the apparmor denial:
[17283.881912] audit: type=1400 audit(1594228773.536:453): apparmor="DENIED" 
operation="connect" 
namespace="root//lxd-bionic-openldap-saslauthd-1557157_<var-snap-lxd-common-lxd>"
 profile="/usr/sbin/slapd" name="/run/saslauthd/mux" pid=153401 comm="slapd" 
requested_mask="wr" denied_mask="wr" fsuid=1000111 ouid=1000000


With the updated package from proposed:
  Version table:
 *** 2.4.45+dfsg-1ubuntu1.6 500
        500 http://br.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 
Packages
        100 /var/lib/dpkg/status

The ldapsearch command works, and there is no apparmor error in dmesg:
root@bionic-openldap-saslauthd-1557157:~# ldapsearch -H ldapi:/// -LLL -b 
'dc=example,dc=com' -s base -U root -Y PLAIN
SASL/PLAIN authentication started
Please enter your password: 
SASL username: root
SASL SSF: 0
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example
dc: example


Bionic verification succeeded.

** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1557157

Title:
  apparmor profile denied for saslauthd: /run/saslauthd/mux

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1557157/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1557157] Re: apparmor profile denied for saslauthd: /run/saslauthd/mux

Reply via email to