The selinux_child failed: (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [seuser_needs_update] (0x2000): getseuserbyname: ret: 0 seuser: unconfined_u mls: unknown (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] (0x0020): could not cache policy database (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] (0x0020): could not cache join database (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] (0x0020): could not enter read-only section (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] (0x0020): Error while reading kernel policy from /var/lib/selinux/targeted/active/policy.linked. (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [set_seuser] (0x0020): Cannot commit SELinux transaction (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [main] (0x0020): Cannot set SELinux login context. (Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [main] (0x0020): selinux_child failed!
What is 'sestatus' telling you? If you don't use the SELInux login mapping, you can set selinux_provider=none to work around tihs.
On Thu, Feb 15, 2018 at 09:45:43AM -0000, Iaroslav wrote:
it happened again with one of our server after power lost.
full logs of all sections with debug_level=10 https://drive.google.com/open?id=1Yq2EQ0W9kSz7NhbrB-sv9EkQ2WD4mdXL
sssctl user-checks test1 user: test1 action: acct service: system-auth
SSSD nss user lookup result:
- user name: test1
- user id: 1400000070
- group id: 1400000070
- gecos: test1 test
- home directory: /home/test1
- shell: /bin/bash
SSSD InfoPipe user lookup result:
- name: test1
- uidNumber: 1400000070
- gidNumber: 1400000070
- gecos: test1 test
- homeDirectory: /home/test1
- loginShell: /bin/bash
testing pam_acct_mgmt
pam_acct_mgmt: Permission denied
PAM Environment:
- no env -
sssctl user-checks pontostroy user: pontostroy action: acct service: system-auth
SSSD nss user lookup result:
- user name: pontostroy
- user id: 1400000014
- group id: 1400000014
- gecos: Iaroslav Andrusyak
- home directory: /home/pontostroy
- shell: /bin/bash
SSSD InfoPipe user lookup result:
- name: pontostroy
- uidNumber: 1400000014
- gidNumber: 1400000014
- gecos: Iaroslav Andrusyak
- homeDirectory: /home/pontostroy
- loginShell: /bin/bash
testing pam_acct_mgmt
pam_acct_mgmt: System error
PAM Environment:
- no env -
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org