[Bug 1175317] Re: incorrect path in apparmor profile prevents sssd from working

Timo Aaltonen tjaalton at ubuntu.com
Mon Jul 1 08:08:33 UTC 2013 

** Description changed:

+ [Impact]
+ 
+ helper processes can't start due to a bug in the apparmor profile
+ 
+ [Test case]
+ 
+ configure the daemon and see how the helpers fail to start
+ 
+ [Regression potential]
+ 
+ none really, it is an obvious bug in the profile
+ 
+ --
+ 
  An incorrect path statement in sssd's apparmor profile prevents sssd
  from forking its helper services.  The corresponding log messages look
  like this:
  
  /var/log/syslog:
  May  1 21:55:17 ares sssd: Starting up
  May  1 21:55:18 ares kernel: [   23.115299] type=1400 audit(1367438118.048:16): apparmor="DENIED" operation="exec" parent=925 profile="/usr/sbin/sssd" name="/usr/lib/x86_64-linux-gnu/sssd/sssd_be" pid=929 comm="sssd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
  May  1 21:55:18 ares kernel: [   23.152108] type=1400 audit(1367438118.088:17): apparmor="DENIED" operation="exec" parent=925 profile="/usr/sbin/sssd" name="/usr/lib/x86_64-linux-gnu/sssd/sssd_be" pid=930 comm="sssd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
  May  1 21:55:24 ares kernel: [   29.156118] type=1400 audit(1367438124.092:48): apparmor="DENIED" operation="exec" parent=925 profile="/usr/sbin/sssd" name="/usr/lib/x86_64-linux-gnu/sssd/sssd_be" pid=1293 comm="sssd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
  
  /etc/apparmor.d/usr.sbin.sssd contains this line:
  
-   /usr/lib/sssd/sssd/* rix,
+   /usr/lib/sssd/sssd/* rix,
  
  It has to be changed to look like this to make sssd work again:
-   /usr/lib/@{multiarch}/sssd/* rix,
+   /usr/lib/@{multiarch}/sssd/* rix,
  
  The bug affects Ubuntu 13.04 (and probably Saucy) only.

-- 
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1175317

Title:
  incorrect path in apparmor profile prevents sssd from working

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1175317/+subscriptions

More information about the ubuntu-archive mailing list