Learn more about these different git repos.
Other Git URLs
Description[[BR]] With latest build, getting selinux errors created log files.[[BR]]
Audit log AVCs[[BR]]
type=AVC msg=audit(1253899215.049:2013453): avc: denied { write } for pid=1733 comm="sssd" name="sssd" dev=dm-0 ino=50892 scontext=unconfined_u:system_r:sssd_t :s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=AVC msg=audit(1253899215.049:2013453): avc: denied { add_name } for pid=1733 comm="sssd" name="sssd.log" scontext=unconfined_u:system_r:sssd_t:s0 tcontext =system_u:object_r:var_log_t:s0 tclass=dir type=AVC msg=audit(1253899215.049:2013453): avc: denied { create } for pid=1733 comm="sssd" name="sssd.log" scontext=unconfined_u:system_r:sssd_t:s0 tcontext=u nconfined_u:object_r:var_log_t:s0 tclass=file type=AVC msg=audit(1253899220.006:2013537): avc: denied { write } for pid=1996 comm="sssd_dp" name="sssd" dev=dm-0 ino=50892 scontext=unconfined_u:system_r:sss d_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=AVC msg=audit(1253899220.006:2013537): avc: denied { add_name } for pid=1996 comm="sssd_dp" name="sssd_dp.log" scontext=unconfined_u:system_r:sssd_t:s0 tc ontext=system_u:object_r:var_log_t:s0 tclass=dir type=AVC msg=audit(1253899220.006:2013537): avc: denied { create } for pid=1996 comm="sssd_dp" name="sssd_dp.log" scontext=unconfined_u:system_r:sssd_t:s0 tcon text=unconfined_u:object_r:var_log_t:s0 tclass=file type=AVC msg=audit(1253899293.088:2014798): avc: denied { write } for pid=5593 comm="sssd_be" name="sssd" dev=dm-0 ino=50892 scontext=unconfined_u:system_r:sss d_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=AVC msg=audit(1253899293.088:2014798): avc: denied { add_name } for pid=5593 comm="sssd_be" name="sssd_LDAP.log" scontext=unconfined_u:system_r:sssd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=AVC msg=audit(1253899293.088:2014798): avc: denied { create } for pid=5593 comm="sssd_be" name="sssd_LDAP.log" scontext=unconfined_u:system_r:sssd_t:s0 tc ontext=unconfined_u:object_r:var_log_t:s0 tclass=file type=AVC msg=audit(1253899508.131:2016080): avc: denied { write } for pid=9093 comm="sssd_be" name="sssd" dev=dm-0 ino=50892 scontext=unconfined_u:system_r:sss d_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=AVC msg=audit(1253899508.131:2016080): avc: denied { add_name } for pid=9093 comm="sssd_be" name="sssd_EXAMPLE.COM.log" scontext=unconfined_u:system_r:sss d_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=AVC msg=audit(1253899508.131:2016080): avc: denied { create } for pid=9093 comm="sssd_be" name="sssd_EXAMPLE.COM.log" scontext=unconfined_u:system_r:sssd_ t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
Version[[BR]]
sssd-client-0.6.0-0.2009092513git9867caa.fc11.i586[[BR]] sssd-0.6.0-0.2009092513git9867caa.fc11.i586
Changes that need to be made to the SELinux policy
#============= sssd_t ============== allow sssd_t self:capability setgid; allow sssd_t tmp_t:dir { write remove_name add_name }; allow sssd_t tmp_t:file { write setattr read lock create unlink open }; allow sssd_t var_log_t:dir { write add_name }; allow sssd_t var_log_t:file create; allow sssd_t var_run_t:file { read unlink open };
cc: => dwalsh milestone: SSSD 1.0 => SSSD 0.6.0 owner: somebody => sgallagh priority: major => blocker tests: 0 => 1
Fixed in selinux-policy-3.6.32-16
fixedin: => 0.6.0 resolution: => fixed status: new => closed
Fields changed
tests: 1 => 0 testsupdated: 0 => 1
rhbz: => 0
Metadata Update from @jgalipea: - Issue assigned to sgallagh - Issue set to the milestone: SSSD 0.6.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1248
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.