When selinux_child runs in a docker container which doesn't support SELinux at all, we have dead code in selinux_child since the conversion to getseuserbyname():
    ret = getseuserbyname(ibuf->username, &db_seuser, &db_mls_range);
    DEBUG(SSSDBG_TRACE_INTERNAL,
          "getseuserbyname: ret: %d seuser: %s mls: %s\n",
          ret, db_seuser ? db_seuser : "unknown",
          db_mls_range ? db_mls_range : "unknown");
    if (ret == EOK && db_seuser && db_mls_range &&
            strcmp(db_seuser, ibuf->seuser) == 0 &&
            strcmp(db_mls_range, ibuf->mls_range) == 0) {
        needs_update = false;
    }
    /* OR */
    if (ret == ERR_SELINUX_NOT_MANAGED) {   /* <---- getseuserbyname() cannot return internal code ERR_SELINUX_NOT_MANAGED */
        needs_update = false;
    }
This triggers update even if SELinux is not managed on this machine:
    (Mon Jan 15 19:41:57 2018) [[sssd[selinux_child[462]]]] [main] (0x0400): performing selinux operations
    (Mon Jan 15 19:41:57 2018) [[sssd[selinux_child[462]]]] [seuser_needs_update] (0x2000): getseuserbyname: ret: 0 seuser: admin mls: unknown
    (Mon Jan 15 19:41:57 2018) [[sssd[selinux_child[462]]]] [sss_semanage_init] (0x0400): SELinux policy not managed via libsemanage
And the update eventually fails with a segfault:
    (Mon Jan 15 19:39:11 2018) [sssd[be[ipa.test]]] [dp_pam_reply] (0x1000): DP Request [PAM Account #9]: Sending result [4][ipa.test]
    (Mon Jan 15 19:39:11 2018) [sssd[be[ipa.test]]] [child_sig_handler] (0x1000): Waiting for child [423].
    (Mon Jan 15 19:39:11 2018) [sssd[be[ipa.test]]] [child_sig_handler] (0x0020): child [423] was terminated by signal [11].
We should probably check if SELinux is managed and if not, just quit like we did before.
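A minimal model of the check suggested above, as an added example that is not part of the original report or of SSSD's code. `struct host`, `stub_getseuser()` and both `needs_update_*` functions are hypothetical stand-ins, and the sample values are constructed except for the `admin`/unknown pair, which mirrors the log.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one machine; not SSSD or libselinux code. */
struct host {
    bool managed;          /* is the policy managed via libsemanage? */
    const char *seuser;    /* mapping the lookup stub returns, NULL = lookup fails */
    const char *mls_range; /* may be NULL, logged as "mls: unknown" */
};

/* Constructed samples: the container from the log, and a managed host. */
const struct host container = { false, "admin", NULL };
const struct host managed_host = { true, "admin", "s0" };

/* Stub with the lookup's contract: returns 0 or -1, never "not managed". */
static int stub_getseuser(const struct host *h, const char **u, const char **m)
{
    if (h->seuser == NULL) return -1;
    *u = h->seuser;
    *m = h->mls_range;
    return 0;
}

/* Comparison as in the report: only an exact match skips the update. */
bool needs_update_reported(const struct host *h, const char *user, const char *mls)
{
    const char *u = NULL, *m = NULL;
    int ret = stub_getseuser(h, &u, &m);
    return !(ret == 0 && u && m && strcmp(u, user) == 0 && strcmp(m, mls) == 0);
}

/* Variant that asks "is SELinux managed?" before comparing anything. */
bool needs_update_checked(const struct host *h, const char *user, const char *mls)
{
    if (!h->managed) return false; /* nothing to update on this machine */
    return needs_update_reported(h, user, mls);
}

int main(void)
{
    printf("container: reported=%d checked=%d\n",
           needs_update_reported(&container, "admin", "s0"),
           needs_update_checked(&container, "admin", "s0"));
    return 0;
}
```

On the unmanaged container the reported logic still asks for an update, while the variant with the up-front check does not; on a managed host both behave the same.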
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.1
master:
Metadata Update from @lslebodn: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1516700
Issue linked to Bugzilla: Bug 1516700
SSSD is moving from Pagure to GitHub. This means that new issues and pull requests will be accepted only in SSSD's GitHub repository.
This issue has been cloned to GitHub and is available here: - https://github.com/SSSD/sssd/issues/4639
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.