** Description changed:
+ [Impact]
+
+ helper processes can't start due to a bug in the apparmor profile
+
+ [Test case]
+
+ configure the daemon and see how the helpers fail to start
+
+ [Regression potential]
+
+ none really, it is an obvious bug in the profile
+
+ --
+
An incorrect path statement in sssd's apparmor profile prevents sssd
from forking its helper services. The corresponding log messages look
like this:
/var/log/syslog:
May 1 21:55:17 ares sssd: Starting up
May 1 21:55:18 ares kernel: [ 23.115299] type=1400
audit(1367438118.048:16): apparmor="DENIED" operation="exec" parent=925
profile="/usr/sbin/sssd" name="/usr/lib/x86_64-linux-gnu/sssd/sssd_be" pid=929
comm="sssd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
May 1 21:55:18 ares kernel: [ 23.152108] type=1400
audit(1367438118.088:17): apparmor="DENIED" operation="exec" parent=925
profile="/usr/sbin/sssd" name="/usr/lib/x86_64-linux-gnu/sssd/sssd_be" pid=930
comm="sssd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
May 1 21:55:24 ares kernel: [ 29.156118] type=1400
audit(1367438124.092:48): apparmor="DENIED" operation="exec" parent=925
profile="/usr/sbin/sssd" name="/usr/lib/x86_64-linux-gnu/sssd/sssd_be" pid=1293
comm="sssd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
/etc/apparmor.d/usr.sbin.sssd contains this line:
- /usr/lib/sssd/sssd/* rix,
+ /usr/lib/sssd/sssd/* rix,
It has to be changed to look like this to make sssd work again:
- /usr/lib/@{multiarch}/sssd/* rix,
+ /usr/lib/@{multiarch}/sssd/* rix,
The bug affects Ubuntu 13.04 (and probably Saucy) only.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1175317
Title:
incorrect path in apparmor profile prevents sssd from working
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1175317/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
