Hello all, I will reproduce the issue tomorrow morning on a fresh LXC container. For the sestatus:
# sestatus SELinux status: disabled That isnt surprising for the host is not se-enabled, or even a RHEL/CentOS. The underlining distro supports apparmor profiles. The crappy part is before we did this patch update, everything worked perfectly, although with SE Disabled. I will keep you posted on the LXC test Thanks! Nuno -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Lukas Slebodnik Sent: terça-feira, 14 de fevereiro de 2017 19:13 To: [email protected] Subject: Re: [Freeipa-users] Cannot login after patching on LXC Container On (14/02/17 18:52), Lukas Slebodnik wrote: >On (14/02/17 18:28), Alexander Bokovoy wrote: >>On ti, 14 helmi 2017, Nuno Higgs wrote: >>> Hello, >>> >>> It worked perfecty. >>> I am wondering why this just popped up now with this patch update. >>> Almost none of our containers hosts (and by inherence the >>> containers) have SELINUX enabled for they are primary for testing, and they are on a secure network. >>> With this version of ipa-client, the host has to have SE enabled for >>> the container to inherit the definitions and policies of it? >>As I said, this was an update in SELinux-related libraries and change >>of behavior there, not in SSSD. It is reproducible in other >>environments as well, see, f.e. >>https://bugzilla.redhat.com/show_bug.cgi?id=1415167 >> >Sorry you are wrong. >This is a different bug. >https://bugzilla.redhat.com/show_bug.cgi?id=1412717 >which is unfortunatelly private. > I thought a little bit and I am not sure which bug is this case. What do "sestatus" inside container? LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
