Title: #507: SELINUX: Check if SELinux is managed in selinux_child
Maybe there are simpler steps, but here's what I did:
docker run -t -i --security-opt seccomp:unconfined -h docker.ipa.test --net=host fedora:27
ipa.test here is my test domain.
(You might not need to disable seccomp, but it was useful for me for debugging)
In the docker container, I installed the freeipa-client package, set resolv.conf to my IPA
server, ran ipa-client-install. It will fail because it can't restart a systemd
service, but the machine will be joined.
Then, log in as a user from IPA (not from root). With git master, it should fail and
segfault. Then, compile a new version, and install it in the container. Log in again, the
selinux_child should no longer segfault.
See the full comment at https://github.com/SSSD/sssd/pull/507#issuecomment-363090757