#1868 sssd fails with readonly /etc/selinux/targeted/logins
Closed: Fixed None Opened 6 years ago by prefect.

On a machine with selinux disabled, and /etc/selinux/targeted/logins/ read-only, sssd fails to allow logins (although 1.8 did). Failure occurs in pam_sss.so,. Making that directory read-write fixes things. By default with a readonly-root, this directory is not made writable (machine in question had an NFS root). So the effect of this was a update from EL6.3 to 6.4 broke authentication.

Given selinux is disabled, it doesn't feel right that this directory needs to be writable anyway.

Michal, can you check if you can reproduce this bug? Setting very restrictive access rights or maybe even chattr +i might be a good reproducer.

owner: somebody => mzidek

Fields changed

patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.5
rhbz: => 0

This bug doesn't affect the master branch.

Fields changed

resolution: => fixed
status: new => closed

Metadata Update from @prefect:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.9.5

2 years ago

Login to comment on this ticket.