Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-40894

SSSD offline causing test-adtrust-install failure

XMLWordPrintable

    • idm-DL1-8100020241127152231.823393f5
    • None
    • Moderate
    • 1
    • rhel-sst-idm-ipa
    • ssg_idm
    • 2
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • No
    • 2024-Q4-Alpha-S5
    • Unspecified Release Note Type - Unknown
    • None

      What were you trying to do that didn't work?

      While investigating FreeIPA test failure I noticed it is failing due SSSD being offline. After further look into it, it seems like this happens because it is facing denial from SELinux which is affecting and killing SSSD process. 

      How reproducible:

      Section from audit.log with faced issue:

      node=replica1.testrelm.test type=AVC msg=audit(1718101440.457:74310): avc:  denied  { getattr } for  pid=22753 comm="systemctl" name="/" dev="vda3" ino=128 scontext=system_u:system_r:ipa_helper_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
node=replica1.testrelm.test type=SYSCALL msg=audit(1718101440.457:74310): arch=c000003e syscall=138 success=no exit=-13 a0=3 a1=7ffd242f92c0 a2=280100 a3=0 items=0 ppid=22606 pid=22753 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemctl" exe="/usr/bin/systemctl" subj=system_u:system_r:ipa_helper_t:s0 key=(null)ARCH=x86_64 SYSCALL=fstatfs AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
node=replica1.testrelm.test type=PROCTITLE msg=audit(1718101440.457:74310): proctitle=2F62696E2F73797374656D63746C0069732D61637469766500646972737276405445535452454C4D2D544553542E73657276696365
node=replica1.testrelm.test type=AVC msg=audit(1718101440.548:74311): avc:  denied  { getattr } for  pid=22755 comm="systemctl" name="/" dev="vda3" ino=128 scontext=system_u:system_r:ipa_helper_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
node=replica1.testrelm.test type=SYSCALL msg=audit(1718101440.548:74311): arch=c000003e syscall=138 success=no exit=-13 a0=3 a1=7ffdf224c6c0 a2=280100 a3=0 items=0 ppid=22606 pid=22755 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemctl" exe="/usr/bin/systemctl" subj=system_u:system_r:ipa_helper_t:s0 key=(null)ARCH=x86_64 SYSCALL=fstatfs AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
node=replica1.testrelm.test type=PROCTITLE msg=audit(1718101440.548:74311): proctitle=2F62696E2F73797374656D63746C007265737461727400737373642E73657276696365
node=replica1.testrelm.test type=SERVICE_STOP msg=audit(1718101440.573:74312): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sssd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"

      Related links provided in comment. 

              rh-ee-ebelko Erik Belko
              rh-ee-ebelko Erik Belko
              Florence Renaud Florence Renaud
              Erik Belko Erik Belko
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated:
                Resolved: