[Freeipa-users] Cannot login after patching on LXC Container
Nuno Higgs
ipa at border.nuneshiggs.com
Tue Feb 14 20:06:58 UTC 2017
Hello all,
I will reproduce the issue tomorrow morning on a fresh LXC container.
For the sestatus:
# sestatus
SELinux status: disabled
That isnt surprising for the host is not se-enabled, or even a RHEL/CentOS.
The underlining distro supports apparmor profiles.
The crappy part is before we did this patch update, everything worked
perfectly, although with SE Disabled.
I will keep you posted on the LXC test
Thanks!
Nuno
-----Original Message-----
From: freeipa-users-bounces at redhat.com
[mailto:freeipa-users-bounces at redhat.com] On Behalf Of Lukas Slebodnik
Sent: terça-feira, 14 de fevereiro de 2017 19:13
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Cannot login after patching on LXC Container
On (14/02/17 18:52), Lukas Slebodnik wrote:
>On (14/02/17 18:28), Alexander Bokovoy wrote:
>>On ti, 14 helmi 2017, Nuno Higgs wrote:
>>> Hello,
>>>
>>> It worked perfecty.
>>> I am wondering why this just popped up now with this patch update.
>>> Almost none of our containers hosts (and by inherence the
>>> containers) have SELINUX enabled for they are primary for testing, and
they are on a secure network.
>>> With this version of ipa-client, the host has to have SE enabled for
>>> the container to inherit the definitions and policies of it?
>>As I said, this was an update in SELinux-related libraries and change
>>of behavior there, not in SSSD. It is reproducible in other
>>environments as well, see, f.e.
>>https://bugzilla.redhat.com/show_bug.cgi?id=1415167
>>
>Sorry you are wrong.
>This is a different bug.
>https://bugzilla.redhat.com/show_bug.cgi?id=1412717
>which is unfortunatelly private.
>
I thought a little bit and I am not sure which bug is this case.
What do "sestatus" inside container?
LS
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list