#1868 sssd fails with readonly /etc/selinux/targeted/logins
Closed: Fixed None Opened 8 years ago by prefect.

On a machine with selinux disabled, and /etc/selinux/targeted/logins/ read-only, sssd fails to allow logins (although 1.8 did). Failure occurs in pam_sss.so,. Making that directory read-write fixes things. By default with a readonly-root, this directory is not made writable (machine in question had an NFS root). So the effect of this was a update from EL6.3 to 6.4 broke authentication.

Given selinux is disabled, it doesn't feel right that this directory needs to be writable anyway.

Michal, can you check if you can reproduce this bug? Setting very restrictive access rights or maybe even chattr +i might be a good reproducer.

owner: somebody => mzidek

Fields changed

patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.5
rhbz: => 0

This bug doesn't affect the master branch.

Fields changed

resolution: => fixed
status: new => closed

Metadata Update from @prefect:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.9.5

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2910

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.