1) # aa-enforce usr.sbin.sssd (default)
journal contains:
Jan 27 17:46:27 s2r5node66 sssd[3382]: ldb: unable to open modules directory '/usr/lib/x86_64-linux-gnu/ldb/modules/ldb'
Jan 27 17:46:25 s2r5node66 systemd[1]: Starting System Security Services Daemon...
Jan 27 17:46:25 s2r5node66 systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
Jan 27 17:46:25 s2r5node66 systemd[1]: sssd.service: Failed with result 'exit-code'.
Jan 27 17:46:25 s2r5node66 systemd[1]: Failed to start System Security Services Daemon.
2) # aa-complain usr.sbin.sssd; systemctl restart sssd
Jan 27 17:50:07 s2r5node66 audit[10294]: AVC apparmor="ALLOWED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/sssd" name="usr/lib/x86_64-linux-gnu/ldb/modules/ldb" pid=10294 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
3) modify /etc/apparmor/usr.sbin.sssd
/usr/sbin/sssd flags=(complain,attach_disconnected) {
# aa-enforce usr.sbin.sssd
/usr/sbin/sssd flags=(attach_disconnected) {
# systemctl restart sssd
● sssd.service - System Security Services Daemon
Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-01-27 17:53:06 UTC; 7s ago
and ssh works again.
--
https://bugs.launchpad.net/bugs/1913470
Title:
sssd also needs `attach_disconnected` in its apparmor profile
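
An added example, not part of the original report and not code from sssd or AppArmor: a small Python triage script that parses AppArmor audit records like the one in step 2 and lists the profiles that hit "Failed name lookup - disconnected path", the symptom that `attach_disconnected` resolved here. The first sample line is the record from the report; the other two are constructed for contrast, and the function names are assumptions of this example.

```python
import re
import sys
from collections import defaultdict

# info= string AppArmor logs for the failure seen in step 2 of the report.
DISCONNECTED = "Failed name lookup - disconnected path"
# key="quoted value" or key=bare_value, as used in AVC apparmor records.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Line 1 is the record from the report; lines 2 and 3 are constructed.
SAMPLE = '''\
Jan 27 17:50:07 s2r5node66 audit[10294]: AVC apparmor="ALLOWED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/sssd" name="usr/lib/x86_64-linux-gnu/ldb/modules/ldb" pid=10294 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 27 17:50:08 host audit[10300]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/example" name="/etc/example.conf" pid=10300 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 27 17:50:09 host kernel: some unrelated message
'''


def parse_avc(line):
    """Return the key/value fields of an AppArmor audit record, else None."""
    fields = {key: quoted or bare for key, quoted, bare in KV.findall(line)}
    return fields if "apparmor" in fields else None


def disconnected_paths(lines):
    """Map profile -> sorted (verdict, name, denied_mask) for disconnected-path hits."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec and rec.get("info") == DISCONNECTED:
            # In the report's record the name has no leading "/": the kernel
            # could not connect the path to the profile's namespace root.
            hits[rec.get("profile", "?")].add(
                (rec["apparmor"], rec.get("name", ""), rec.get("denied_mask", "")))
    return {profile: sorted(v) for profile, v in sorted(hits.items())}


if __name__ == "__main__":
    # Pipe journal or audit log text on stdin; falls back to the sample above.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for profile, entries in disconnected_paths(source).items():
        print(f"{profile}: disconnected-path lookups; review flags=(attach_disconnected)")
        for verdict, name, mask in entries:
            print(f"  {verdict:8} mask={mask} name={name}")
```

An ordinary denial such as the second sample line is ignored on purpose: it needs a path rule, not the flag.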