URL: https://github.com/SSSD/sssd/pull/626 Author: jhrozek Title: #626: SELINUX: Also call is_selinux_enabled as a check for selinux child Action: opened
PR body: """ Resolves: https://pagure.io/SSSD/sssd/issue/3796
The SSSD selinux management routines were only checking if SELinux is managed on the system. If it is managed, the code tries to proceed and set the login context, otherwise an error is returned which SSSD handles gracefully.
But this is not enough, in some cases SELinux might be disabled, but managed and in these cases SSSD was returning strange errors, which might have prevented login with selinux provider in effect.
We got this hint form the RH SELinux maintainer: """ libsemanage is for managing SELinux infrastructure. generally if there's /etc/selinux/config where libsemanage can read SELINUXTYPE and SELinux module store - /etc/selinux/<SELINUXTYPE>/active (or /var/lib/selinux/<SELINUXTYPE>/active) - is available, libsemanage can manage it even when SELinux is disabled.
I'm not sure if selinux_child doesn any is_selinux_enabled() checks but it could help to avoid such situations. "" """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/626/head:pr626 git checkout pr626
URL: https://github.com/SSSD/sssd/pull/626 Title: #626: SELINUX: Also call is_selinux_enabled as a check for selinux child
fidencio commented: """ Patch looks good enough and we got a confirmation that the fix works. """
See the full comment at https://github.com/SSSD/sssd/pull/626#issuecomment-409930826
URL: https://github.com/SSSD/sssd/pull/626 Title: #626: SELINUX: Also call is_selinux_enabled as a check for selinux child
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/626 Title: #626: SELINUX: Also call is_selinux_enabled as a check for selinux child
fidencio commented: """ master: 1e81d04 """
See the full comment at https://github.com/SSSD/sssd/pull/626#issuecomment-411663228
URL: https://github.com/SSSD/sssd/pull/626 Author: jhrozek Title: #626: SELINUX: Also call is_selinux_enabled as a check for selinux child Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/626/head:pr626 git checkout pr626
URL: https://github.com/SSSD/sssd/pull/626 Title: #626: SELINUX: Also call is_selinux_enabled as a check for selinux child
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/626 Title: #626: SELINUX: Also call is_selinux_enabled as a check for selinux child
Label: +Pushed
sssd-devel@lists.fedorahosted.org