[Bug 1886841] New: Pinpad card reader for login authentication yet you are asked also enter pin on pc keyboard
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1886841
Bug ID: 1886841
Summary: Pinpad card reader for login authentication yet you
are asked also enter pin on pc keyboard
Product: Fedora
Version: 32
Hardware: x86_64
URL: https://lists.fedoraproject.org/archives/list/freeipa-
users(a)lists.fedorahosted.org/thread/FLLIA5RLHT3MO4NI2F
3MJNMBBNGGZA4Z/
OS: Linux
Status: NEW
Component: sssd
Severity: high
Assignee: sssd-maintainers(a)lists.fedoraproject.org
Reporter: peter(a)unix-edu.se
QA Contact: extras-qa(a)fedoraproject.org
CC: abokovoy(a)redhat.com, atikhono(a)redhat.com,
jhrozek(a)redhat.com, lslebodn(a)redhat.com,
mzidek(a)redhat.com, pbrezina(a)redhat.com,
rharwood(a)redhat.com, sbose(a)redhat.com,
ssorce(a)redhat.com,
sssd-maintainers(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Build Identifier:
Hello Folks!
We are working on getting smart card authentication working using pinpad card
readers for improved security.
To do this we use:
FreeIPA Server is running on Fedora 32 with latest updates.
FreeIPA Clients is Fedora 32 Workstation installed on pc with latest updates
with connected usb card reader.
The card reader is Gemalto CT700 with pinpad, we use several user individual
SmartCard HSM 4K with FreeIPA signed certificates on them.
FreeIPA Clients run OpenSC and are configured to use smartcard certificate
based authentication, setup per Smartare HSM best practice.
Further clients are using SSSD and not PAM_PKCS#11.
All working great using smartcard for authentication, as long not enabling the
pinpad in opensc.
If doing so we are prompted for the PIN not only in the pinpad reader but also
GDM prompts you to enter PIN on keyboard.
Expected result is to be logged in directly after entering correct PIN code on
pinpad reader, not being prompted by GDM to enter PIN on keyboard as well.
If enabling pinpad in opensc, login gets a bit odd:
1. Fedora 32 Workstation GDM menu prompts a few users that can login.
2. Smartcard is inserted in reader.
3. GDM blanks out the screen and smartcard reader prompts to enter PIN in its
lcd display.
4. Entering pin on smartcard reader followed by pressing ok button on smartcard
reader at getting result Pin OK in reader display.
5. GDM now prompts for entering PIN on keyboard, this is unexpected, instead of
directly being logged in to the window manager, here Gnome (or xfce, whatever
window manager you selected to use).
6. You have to enter the PIN now on keyboard, followed by hitting enter.
7. Once again smartcard reader now prompts for PIN in its lcd display.
8. Entering PIN on the smartcard pinpad reader followed by pressing pinpad ok
button.
9. You are now logged in, and all is normal. If ripping out the smartcard from
reader the screen locks, as expected.
Sometimes, but not always, you are logged in to window manager directly after
step 5.
What could this be, anyone who have seen this before or know how to set it up ?
Reproducible: Always
Steps to Reproduce:
1. Install and setup FreeIPA server and client on Fedora32 latest updates to
use smartcard authentication for login.
Work on IPA Server:
-------------------
Install Fedora 32 server minimal installation all excluded, update to latest
version (dnf update -y), set hostname, enter server hostname
(ipaserver.mydomain.com) and ip in /etc/hosts, enable and start chrony, reboot.
(As root user)
dnf install ipa-server bind-dyndb-ldap ipa-server-dns -y
for SERVICES in ntp http https ldap ldaps kerberos kpasswd dns; do firewall-cmd
--permanent --add-service=$SERVICES; done
ipa-server-install --setup-dns
.
.
.
Add one secondary DNS in /etc/NetworkManager/conf.d/zzz-ipa.conf
klist
kinit admin
authselect select sssd with-sudo with-mkhomedir
ipa user-add user3 --first=user3 --last=test --email=user3(a)mydomain.com
--shell=/bin/bash --password
id user3
ipa user-find user3
ssh user3(a)ipaserver.mydomain.com
(change password)
reboot
(As root user)
klist
kinit admin
ipa-advise config-server-for-smart-card-auth >
config-server-for-smart-card-auth.sh
chmod u+x config-server-for-smart-card-auth.sh
./config-server-for-smart-card-auth.sh /etc/ipa/ca.crt
.
.
reboot
ipa-advise config-client-for-smart-card-auth >
/tmp/config-client-for-smart-card-auth.sh
chmod a+r /tmp/config-client-for-smart-card-auth.sh
Work on Fedora 32 workstation:
------------------------------
Install Fedora 32 Workstation from live dvd to PC, update to latest version
(dnf update -y), set hostname, enter server hostname (workstation.mydomain.com)
and ip in /etc/hosts, enable and start chrony.
change/add to /etc/sysconfig/network-scripts/reboot, so IPA server becomes
primary DNS for the Fedora 32 Workstation:
PEERDNS=no
DNS1=<ipa server ip address>
DNS2=<second dns server>
SEARCH=mydomain.com
DOMAIN=mydomain.com
Then reboot
Login and check that DNS is working.
(as root user)
dnf install freeipa-client.x86_64 -y
ipa-client-install --mkhomedir
id user3
reboot
Connect gemalto CT700 card reader to pc/Fedora Workstation.
lsusb
dnf install opensc ccid pcsc-tools -y
systemctl enable pcscd
systemctl start pcscd
scp user3@ipaserver:/tmp/config-client-for-smart-card-auth.sh .
chmod +x config-client-for-smart-card-auth.sh
./config-client-for-smart-card-auth.sh /etc/ipa/ca.crt
.
.
.
In /etc/opensc.conf enable pinpad by uncommenting enable_pinpad = true;
Ensure pam_cert_auth is true in sssd.conf:
grep ^pam_cert_auth /etc/sssd/sssd.conf
pam_cert_auth = True
authselect select sssd with-mkhomedir with-sudo with-smartcard
with-smartcard-lock-on-removal --force
authselect current
reboot
2. Prepare smartcard-hsm with user3 certificate using
(as root user)
kinit admin
Insert smartcard-hsm in gemalto ct700 card reader!
pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: Gemalto Ezio Shield (I<some number>) 00 00
Wed Sep 23 14:12:27 2020
Reader 0: Gemalto Ezio Shield (I<some number>) 00 00
.
.
.
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
<some hex number>
Smartcard-HSM
http://www.cardcontact.de/products/sc-hsm.html
pensc-tool --list-readers
# Detected readers (pcsc)
Nr. Card Features Name
0 Yes PIN pad Gemalto Ezio Shield (I<some number>) 00 00
pkcs11-tool --list-slots
Available slots:
Slot 0 (0x0): Gemalto Ezio Shield (I<some number>) 00 00
token label : UserPIN (SmartCard-HSM)
token manufacturer : www.CardContact.de
token model : PKCS#15 emulated
token flags : login required, PIN pad present, rng, token initialized,
PIN initialized
hardware version : 24.13
firmware version : 2.5
serial num : DECM<some number>
pin min/max : 6/15
sc-hsm-tool --create-dkek-share dkek-share-1.pbe
.
.
.
sc-hsm-tool --initialize --so-pin <long pincode> --pin <pincode> --dkek-shares
1
sc-hsm-tool
.
.
.
DKEK shares : 1
DKEK import pending, 1 share(s) still missing
sc-hsm-tool --import-dkek-share dkek-share-1.pbe
.
.
.
Enter password to decrypt DKEK share : <pincode>
sc-hsm-tool
.
.
.
DKEK shares : 1
DKEK key check value : <some hex code>
# generate keypair
pkcs11-tool --module opensc-pkcs11.so --login --pin <pincode> --keypairgen
--key-type rsa:2048 --id 10 --label "HSM RSA Key user3"
pkcs11-tool --list-objects
.
.
.
pkcs11-tool --test --login --pin <pincode>
.
.
.
# Backup DKEK
sc-hsm-tool --wrap-key wrap-key-1.bin --key-reference 1 --pin <pincode>
# Extract card public key for slot 10
pkcs15-tool --read-public-key 10 > user3.pub
# Prepping for and Create CSR to sign by IPA for user3
# Create a file hsm.conf with the content below
cat hsm.conf
# PKCS11 engine config
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[req]
distinguished_name = req_distinguished_name
[req_distinguished_name]
# empty.
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
PIN =
init = 0
# Test that hsm.conf is working, and find pkcs11 engine
OPENSSL_CONF=./hsm.conf openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
(pkcs11) pkcs11 engine
# Create CSR to sign by IPA for user3
OPENSSL_CONF=./hsm.conf openssl req -engine pkcs11 -keyform engine -new -key 10
-sha256 -out user3.csr -subj "/CN=user3"
Login to IPA server using the web interface https://ipaserver.mydomain.com
(this can be performed from command line as well, but we did use the web
interface to IPA)
user user3 Actions -> new certificate
select profile IECuserRoles
copy "user3.csr" from above and paste it in and click "issue" (IPA now sign the
CSR)
To retrieve the signed certificate for user3:
user user3 by Certificates click Actions -> Download and save as. (it downloads
as cert.pem)
Copy the downloaded cerificate (cert.pem) to host with card reader (Fedora 32
Workstation)
Rename it:
mv cert.pem user3.pem
# convert to der format:
openssl x509 -in user3.pem -out user3.der -outform der
# write it to the card in slot 10
pkcs11-tool --module opensc-pkcs11.so --login --pin <pincode> --write-object
user36.der --type cert --id 10
# check that it is there:
pkcs11-tool --list-objects
Using slot 0 with a present token (0x0)
Certificate Object; type = X.509 cert
label: Certificate
subject: DN: O=MYDOMAIN.COM, CN=user3
ID: 10
Public Key Object; RSA 2048 bits
label: Certificate
ID: 10
Usage: encrypt, verify
Smartcard should now be ready for use with IPA.
3. Now try login to workstation.mydomain.com using GDM using the smartcard
issued for user3
Note! user3 password must not have been expired, it should be fixed by the
initial login test above.
As per details above:
1. Fedora 32 Workstation GDM menu prompts a few users that can login.
2. Smartcard is inserted in reader.
3. GDM blanks out the screen and smartcard reader prompts to enter PIN in its
lcd display.
4. Entering pin on smartcard reader followed by pressing ok button on smartcard
reader at getting result Pin OK in reader display.
5. GDM now prompts for entering PIN on keyboard, this is unexpected, instead of
directly being logged in to the window manager, here Gnome (or xfce, whatever
window manager you selected to use).
6. You have to enter the PIN now on keyboard, followed by hitting enter.
7. Once again smartcard reader now prompts for PIN in its lcd display.
8. Entering PIN on the smartcard pinpad reader followed by pressing pinpad ok
button.
9. You are now logged in, and all is normal. If ripping out the smartcard from
reader the screen locks, as expected.
Sometimes, but not always, you are logged in to window manager directly after
step 5.
Actual Results:
You are asked to enter PIN using pinpad on card reader followed by enter PIN
using the keyboard, then you are logged in.
Sometimes you need to enter PIN on pinpad once more after entering PIN using
the keyboard.
Expected Results:
Directly after entering correct PIN using pinpad on card reader you should be
logged in.
Versions:
Fedora32 with latest updates per Oct 9 2020.
freeipa-server-4.8.10-5.fc32.x86_64
freeipa-client-4.8.10-5.fc32.x86_64
sssd-client-2.3.1-2.fc32.x86_64
opensc-0.20.0-6.fc32.x86_64
pcsc-lite-libs-1.9.0-1.fc32.x86_64
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
1 week, 3 days
- 1
- 10
[Bug 2168743] New: Known valid Windows AD Domain credential refused for domain "joined" F37 workstation
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2168743
Bug ID: 2168743
Summary: Known valid Windows AD Domain credential refused for
domain "joined" F37 workstation
Product: Fedora
Version: 37
Hardware: x86_64
OS: Linux
Status: NEW
Component: sssd
Severity: high
Assignee: sssd-maintainers(a)lists.fedoraproject.org
Reporter: cjm(a)tryx.org
QA Contact: extras-qa(a)fedoraproject.org
CC: abokovoy(a)redhat.com, atikhono(a)redhat.com,
jhrozek(a)redhat.com, lslebodn(a)redhat.com,
luk.claes(a)gmail.com, mzidek(a)redhat.com,
pbrezina(a)redhat.com, sbose(a)redhat.com,
ssorce(a)redhat.com,
sssd-maintainers(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Created attachment 1943194
--> https://bugzilla.redhat.com/attachment.cgi?id=1943194&action=edit
/var/log/sssd/sssd_TCLC.org.log
Description of problem:
login:cjm@tclc.org
Password:
Permission denied
Version-Release number of selected component (if applicable):
sssd version: 2.8.2
How reproducible:
100%
Steps to Reproduce:
1. Join the Fedora workstation to the Windows AD Domain
2. Log in as a user with known valid credentials. Credentials are known to be
good because they have worked for ten years on a Windows workstation domain
member.
Actual results:
login:cjm@tclc.org
Password:
Permission denied
Expected results:
login:cjm@tclc.org
Password:
$
Additional info:
# adcli info
adcli: specify a domain to discover
[root@worx ~]# adcli info tclc.org
[domain]
domain-name = TCLC.org
domain-short = TCLC
domain-forest = TCLC.org
domain-controller = Aequitas.TCLC.org
domain-controller-site = Default-First-Site-Name
domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable
good-timeserv full-secret ads-web
domain-controller-usable = yes
domain-controllers = Aequitas.TCLC.org
[computer]
computer-site = Default-First-Site-Name
# adcli show-computer -U sa
Password for sa(a)TCLC.ORG:
sAMAccountName:
WORX$
userPrincipalName:
- not set -
msDS-KeyVersionNumber:
3
msDS-supportedEncryptionTypes:
24
dNSHostName:
worx.tclc.org
servicePrincipalName:
RestrictedKrbHost/worx.tclc.org
RestrictedKrbHost/WORX
host/worx.tclc.org
host/WORX
operatingSystem:
redhat-linux-gnu
operatingSystemVersion:
- not set -
operatingSystemServicePack:
- not set -
pwdLastSet:
133204401440679346
userAccountControl:
69632
description:
- not set -
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2168743
1 week, 3 days
- 1
- 21
[Bug 1857104] New: Using FreeIPA breaks IPv4/IPv6 flags for SSH
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1857104
Bug ID: 1857104
Summary: Using FreeIPA breaks IPv4/IPv6 flags for SSH
Product: Fedora
Version: 32
Status: NEW
Component: sssd
Assignee: sssd-maintainers(a)lists.fedoraproject.org
Reporter: ossman(a)cendio.se
QA Contact: extras-qa(a)fedoraproject.org
CC: abokovoy(a)redhat.com, atikhono(a)redhat.com,
jhrozek(a)redhat.com, lslebodn(a)redhat.com,
mzidek(a)redhat.com, pbrezina(a)redhat.com,
rharwood(a)redhat.com, sbose(a)redhat.com,
ssorce(a)redhat.com,
sssd-maintainers(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Description of problem:
If a client is configured using ipa-client-install then the -4 and -6 flags
stop working for ssh.
Version-Release number of selected component (if applicable):
Doesn't matter. Seen on RHEL 6 through 8, and on current Fedora.
How reproducible:
100%
Steps to Reproduce:
1. ipa-client-install
2. ssh -4 host.example.com
Actual results:
Connected via IPv6
Expected results:
Connected via IPv4
Additional info:
The bug is that sss_ssh_knownhostsproxy is configured on the client and that
command doesn't respect the flags given to ssh.
The issue affects all hosts, not just those part of the same FreeIPA domain.
A practical effect of this is that connections get rejected or misbehave
because of IP based rules in place for this connection.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
2 months, 2 weeks
- 1
- 19
[Bug 2227057] New: Connection refused while resolving ccache
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2227057
Bug ID: 2227057
Summary: Connection refused while resolving ccache
Product: Fedora
Version: 38
Hardware: x86_64
OS: Linux
Status: NEW
Component: sssd
Severity: medium
Assignee: sssd-maintainers(a)lists.fedoraproject.org
Reporter: bsivasub(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: abokovoy(a)redhat.com, atikhono(a)redhat.com,
lslebodn(a)redhat.com, luk.claes(a)gmail.com,
mzidek(a)redhat.com, pbrezina(a)redhat.com,
sbose(a)redhat.com, ssorce(a)redhat.com,
sssd-maintainers(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
This bug report is similar to #1716981.
I am getting connection refused error, whenever I do kinit/ klist/ kdestroy.
The same krb5.conf file used in another machine works pretty well.
Logs from strace
'''
அ ~ KRB5_TRACE=/dev/stderr strace -f kinit
execve("/usr/bin/kinit", ["kinit"], 0x7ffcc9b91078 /* 53 vars */) = 0
brk(NULL) = 0x55d10986c000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffec5245c30) = -1 EINVAL (Invalid
argument)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=73495, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 73495, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f018cbd8000
close(3) = 0
openat(AT_FDCWD, "/lib64/libkadm5srv_mit.so.12", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=124344, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f018cbd6000
mmap(NULL, 123496, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018cbb7000
mmap(0x7f018cbbe000, 69632, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f018cbbe000
mmap(0x7f018cbcf000, 16384, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x18000) = 0x7f018cbcf000
mmap(0x7f018cbd3000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b000) = 0x7f018cbd3000
close(3) = 0
openat(AT_FDCWD, "/lib64/libkdb5.so.10", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=87504, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 86312, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018cba1000
mmap(0x7f018cba6000, 49152, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f018cba6000
mmap(0x7f018cbb2000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x11000) = 0x7f018cbb2000
mmap(0x7f018cbb5000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0x7f018cbb5000
close(3) = 0
openat(AT_FDCWD, "/lib64/libkrb5.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=903184, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 885520, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018cac8000
mmap(0x7f018caea000, 446464, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7f018caea000
mmap(0x7f018cb57000, 237568, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x8f000) = 0x7f018cb57000
mmap(0x7f018cb91000, 61440, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc9000) = 0x7f018cb91000
mmap(0x7f018cba0000, 784, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f018cba0000
close(3) = 0
openat(AT_FDCWD, "/lib64/libcom_err.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=24584, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 24640, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018cac1000
mmap(0x7f018cac3000, 8192, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f018cac3000
mmap(0x7f018cac5000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x4000) = 0x7f018cac5000
mmap(0x7f018cac6000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f018cac6000
close(3) = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 }\2\0\0\0\0\0"..., 832)
= 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"...,
784, 64) = 784
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=2234072, ...}, AT_EMPTY_PATH)
= 0
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"...,
784, 64) = 784
mmap(NULL, 1957168, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f018c8e3000
mmap(0x7f018c909000, 1429504, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7f018c909000
mmap(0x7f018ca66000, 315392, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x183000) = 0x7f018ca66000
mmap(0x7f018cab3000, 24576, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1d0000) = 0x7f018cab3000
mmap(0x7f018cab9000, 32048, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f018cab9000
close(3) = 0
openat(AT_FDCWD, "/lib64/libgssrpc.so.4", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=139200, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 132800, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018c8c2000
mmap(0x7f018c8c8000, 77824, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f018c8c8000
mmap(0x7f018c8db000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x19000) = 0x7f018c8db000
mmap(0x7f018c8e1000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f000) = 0x7f018c8e1000
close(3) = 0
openat(AT_FDCWD, "/lib64/libgssapi_krb5.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=359488, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f018c8c0000
mmap(NULL, 351032, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018c86a000
mmap(0x7f018c876000, 249856, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f018c876000
mmap(0x7f018c8b3000, 40960, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x49000) = 0x7f018c8b3000
mmap(0x7f018c8bd000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x53000) = 0x7f018c8bd000
close(3) = 0
openat(AT_FDCWD, "/lib64/libk5crypto.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=95496, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 94256, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018c852000
mmap(0x7f018c857000, 53248, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f018c857000
mmap(0x7f018c864000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x12000) = 0x7f018c864000
mmap(0x7f018c867000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14000) = 0x7f018c867000
mmap(0x7f018c869000, 48, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f018c869000
close(3) = 0
openat(AT_FDCWD, "/lib64/libkrb5support.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=67112, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 62096, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018c842000
mmap(0x7f018c846000, 32768, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f018c846000
mmap(0x7f018c84e000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0xc000) = 0x7f018c84e000
mmap(0x7f018c850000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x7f018c850000
close(3) = 0
openat(AT_FDCWD, "/lib64/libkeyutils.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=24704, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 24584, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018c83b000
mmap(0x7f018c83d000, 8192, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f018c83d000
mmap(0x7f018c83f000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x4000) = 0x7f018c83f000
mmap(0x7f018c840000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f018c840000
mmap(0x7f018c841000, 8, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f018c841000
close(3) = 0
openat(AT_FDCWD, "/lib64/libcrypto.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=4443184, ...}, AT_EMPTY_PATH)
= 0
mmap(NULL, 4350968, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f018c400000
mmap(0x7f018c4ad000, 2506752, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xad000) = 0x7f018c4ad000
mmap(0x7f018c711000, 757760, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x311000) = 0x7f018c711000
mmap(0x7f018c7ca000, 368640, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3ca000) = 0x7f018c7ca000
mmap(0x7f018c824000, 9208, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f018c824000
close(3) = 0
openat(AT_FDCWD, "/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=67576, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 72264, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018c829000
mmap(0x7f018c82c000, 36864, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f018c82c000
mmap(0x7f018c835000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0xc000) = 0x7f018c835000
mmap(0x7f018c837000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x7f018c837000
mmap(0x7f018c839000, 6728, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f018c839000
close(3) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f018c827000
openat(AT_FDCWD, "/lib64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=180952, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 181880, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018c3d3000
mmap(0x7f018c3da000, 114688, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f018c3da000
mmap(0x7f018c3f6000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x23000) = 0x7f018c3f6000
mmap(0x7f018c3fc000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x29000) = 0x7f018c3fc000
mmap(0x7f018c3fe000, 5752, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f018c3fe000
close(3) = 0
openat(AT_FDCWD, "/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=107416, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 102408, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018c3b9000
mmap(0x7f018c3bc000, 61440, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f018c3bc000
mmap(0x7f018c3cb000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x12000) = 0x7f018c3cb000
mmap(0x7f018c3d1000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18000) = 0x7f018c3d1000
mmap(0x7f018c3d2000, 8, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f018c3d2000
close(3) = 0
openat(AT_FDCWD, "/lib64/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"...,
832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=631104, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 627248, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f018c31f000
mmap(0x7f018c322000, 446464, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f018c322000
mmap(0x7f018c38f000, 163840, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x70000) = 0x7f018c38f000
mmap(0x7f018c3b7000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x97000) = 0x7f018c3b7000
close(3) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f018c31d000
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f018c31a000
arch_prctl(ARCH_SET_FS, 0x7f018c31a840) = 0
set_tid_address(0x7f018c31ab10) = 9261
set_robust_list(0x7f018c31ab20, 24) = 0
rseq(0x7f018c31b160, 0x20, 0, 0x53053053) = 0
mprotect(0x7f018cab3000, 16384, PROT_READ) = 0
mprotect(0x7f018c3b7000, 4096, PROT_READ) = 0
mprotect(0x7f018c3d1000, 4096, PROT_READ) = 0
mprotect(0x7f018c3fc000, 4096, PROT_READ) = 0
mprotect(0x7f018c837000, 4096, PROT_READ) = 0
mprotect(0x7f018c7ca000, 356352, PROT_READ) = 0
mprotect(0x7f018c840000, 4096, PROT_READ) = 0
mprotect(0x7f018c850000, 4096, PROT_READ) = 0
mprotect(0x7f018c867000, 8192, PROT_READ) = 0
mprotect(0x7f018cac6000, 4096, PROT_READ) = 0
mprotect(0x7f018cb91000, 57344, PROT_READ) = 0
mprotect(0x7f018c8bd000, 8192, PROT_READ) = 0
mprotect(0x7f018c8e1000, 4096, PROT_READ) = 0
mprotect(0x7f018cbb5000, 4096, PROT_READ) = 0
mprotect(0x7f018cbd3000, 8192, PROT_READ) = 0
mprotect(0x55d109388000, 4096, PROT_READ) = 0
mprotect(0x7f018cc1b000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024,
rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7f018cbd8000, 73495) = 0
statfs("/sys/fs/selinux", {f_type=SELINUX_MAGIC, f_bsize=4096, f_blocks=0,
f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]},
f_namelen=255, f_frsize=4096,
f_flags=ST_VALID|ST_NOSUID|ST_NOEXEC|ST_RELATIME}) = 0
statfs("/sys/fs/selinux", {f_type=SELINUX_MAGIC, f_bsize=4096, f_blocks=0,
f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]},
f_namelen=255, f_frsize=4096,
f_flags=ST_VALID|ST_NOSUID|ST_NOEXEC|ST_RELATIME}) = 0
getrandom("\x74\x46\xec\x07\x8b\xcb\x0e\x42", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55d10986c000
brk(0x55d10988d000) = 0x55d10988d000
access("/etc/selinux/config", F_OK) = 0
openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=224366320, ...},
AT_EMPTY_PATH) = 0
mmap(NULL, 224366320, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f017ec00000
close(3) = 0
ioctl(0, TCGETS, {c_iflag=ICRNL|IXON|IUTF8,
c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD,
c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0
ioctl(1, TCGETS, {c_iflag=ICRNL|IXON|IUTF8,
c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD,
c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0
ioctl(2, TCGETS, {c_iflag=ICRNL|IXON|IUTF8,
c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD,
c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0
futex(0x7f018c851288, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f018c8510d0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f018cb9fc70, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f018cb9ffe0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
newfstatat(AT_FDCWD, "/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=1163,
...}, 0) = 0
openat(AT_FDCWD, "/etc/krb5.conf", O_RDONLY) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=1163, ...}, AT_EMPTY_PATH) = 0
read(3, "includedir /etc/krb5.conf.d/\n\n# "..., 4096) = 1163
openat(AT_FDCWD, "/etc/krb5.conf.d/",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=106, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55d10986f2b0 /* 5 entries */, 32768) = 168
getdents64(4, 0x55d10986f2b0 /* 0 entries */, 32768) = 0
close(4) = 0
openat(AT_FDCWD, "/etc/krb5.conf.d//crypto-policies", O_RDONLY) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=179, ...}, AT_EMPTY_PATH) = 0
read(4, "[libdefaults]\npermitted_enctypes"..., 4096) = 179
read(4, "", 4096) = 0
close(4) = 0
openat(AT_FDCWD, "/etc/krb5.conf.d//enable_sssd_conf_dir", O_RDONLY) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=252, ...}, AT_EMPTY_PATH) = 0
read(4, "# This file should normally be i"..., 4096) = 252
openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55d109877400 /* 2 entries */, 32768) = 48
getdents64(5, 0x55d109877400 /* 0 entries */, 32768) = 0
close(5) = 0
read(4, "", 4096) = 0
close(4) = 0
openat(AT_FDCWD, "/etc/krb5.conf.d//kcm_default_ccache", O_RDONLY) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=474, ...}, AT_EMPTY_PATH) = 0
read(4, "# This file should normally be i"..., 4096) = 474
read(4, "", 4096) = 0
close(4) = 0
read(3, "", 4096) = 0
close(3) = 0
futex(0x7f018c851000, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f018c3ff500, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/proc/thread-self/attr/fscreate", O_RDONLY|O_CLOEXEC) = 3
read(3, "", 4095) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/selinux/config", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=1187, ...}, AT_EMPTY_PATH) = 0
read(3, "\n# This file controls the state "..., 4096) = 1187
read(3, "", 4096) = 0
close(3) = 0
futex(0x7f018c3fd1a0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
newfstatat(AT_FDCWD, "/etc/selinux/targeted/contexts/files/file_contexts",
{st_mode=S_IFREG|0644, st_size=424715, ...}, 0) = 0
openat(AT_FDCWD,
"/etc/selinux/targeted/contexts/files/file_contexts.subs_dist",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=704, ...}, AT_EMPTY_PATH) = 0
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=704, ...}, AT_EMPTY_PATH) = 0
read(3, "/run /var/run\n/run/lock /var/loc"..., 4096) = 704
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/selinux/targeted/contexts/files/file_contexts.subs",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=0, ...}, AT_EMPTY_PATH) = 0
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=0, ...}, AT_EMPTY_PATH) = 0
read(3, "", 4096) = 0
close(3) = 0
newfstatat(AT_FDCWD, "/etc/selinux/targeted/contexts/files/file_contexts",
{st_mode=S_IFREG|0644, st_size=424715, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/selinux/targeted/contexts/files/file_contexts.bin",
{st_mode=S_IFREG|0644, st_size=597805, ...}, 0) = 0
openat(AT_FDCWD, "/etc/selinux/targeted/contexts/files/file_contexts.bin",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=597805, ...}, AT_EMPTY_PATH) =
0
read(3, "\212\377|\371\5\0\0\0\20\0\0\00010.42 2022-12-11\6\0\0\0"..., 4096) =
4096
lseek(3, 0, SEEK_SET) = 0
mmap(NULL, 597805, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f018c288000
brk(0x55d1098c4000) = 0x55d1098c4000
brk(0x55d1098e5000) = 0x55d1098e5000
mmap(NULL, 491520, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f018c210000
mremap(0x7f018c210000, 491520, 983040, MREMAP_MAYMOVE) = 0x7f017eb10000
close(3) = 0
newfstatat(AT_FDCWD,
"/etc/selinux/targeted/contexts/files/file_contexts.homedirs",
{st_mode=S_IFREG|0644, st_size=15537, ...}, 0) = 0
newfstatat(AT_FDCWD,
"/etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin",
{st_mode=S_IFREG|0644, st_size=21309, ...}, 0) = 0
openat(AT_FDCWD,
"/etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=21309, ...}, AT_EMPTY_PATH) =
0
read(3, "\212\377|\371\5\0\0\0\20\0\0\00010.42 2022-12-11\6\0\0\0"..., 4096) =
4096
lseek(3, 0, SEEK_SET) = 0
mmap(NULL, 21309, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f018cbe4000
close(3) = 0
newfstatat(AT_FDCWD,
"/etc/selinux/targeted/contexts/files/file_contexts.local",
{st_mode=S_IFREG|0644, st_size=0, ...}, 0) = 0
newfstatat(AT_FDCWD,
"/etc/selinux/targeted/contexts/files/file_contexts.local.bin", 0x7ffec5243390,
0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/selinux/targeted/contexts/files/file_contexts.local",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=0, ...}, AT_EMPTY_PATH) = 0
read(3, "", 4096) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "", 4096) = 0
close(3) = 0
mmap(NULL, 827392, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f017ea46000
munmap(0x7f017eb10000, 983040) = 0
brk(0x55d109906000) = 0x55d109906000
brk(0x55d10992a000) = 0x55d10992a000
brk(0x55d10994d000) = 0x55d10994d000
brk(0x55d109971000) = 0x55d109971000
brk(0x55d109995000) = 0x55d109995000
brk(0x55d1099b8000) = 0x55d1099b8000
brk(0x55d1099dc000) = 0x55d1099dc000
brk(0x55d109a00000) = 0x55d109a00000
brk(0x55d109a23000) = 0x55d109a23000
brk(0x55d109a47000) = 0x55d109a47000
brk(0x55d109a6b000) = 0x55d109a6b000
brk(0x55d109a8e000) = 0x55d109a8e000
brk(0x55d109ab2000) = 0x55d109ab2000
brk(0x55d109ad6000) = 0x55d109ad6000
brk(0x55d109af9000) = 0x55d109af9000
brk(0x55d109b1d000) = 0x55d109b1d000
brk(0x55d109b41000) = 0x55d109b41000
brk(0x55d109b64000) = 0x55d109b64000
brk(0x55d109b88000) = 0x55d109b88000
brk(0x55d109bac000) = 0x55d109bac000
brk(0x55d109bcf000) = 0x55d109bcf000
brk(0x55d109bf3000) = 0x55d109bf3000
brk(0x55d109c17000) = 0x55d109c17000
brk(0x55d109c3a000) = 0x55d109c3a000
brk(0x55d109c5e000) = 0x55d109c5e000
brk(0x55d109c82000) = 0x55d109c82000
brk(0x55d109ca5000) = 0x55d109ca5000
brk(0x55d109cc9000) = 0x55d109cc9000
brk(0x55d109ced000) = 0x55d109ced000
brk(0x55d109d10000) = 0x55d109d10000
brk(0x55d109d34000) = 0x55d109d34000
brk(0x55d109d58000) = 0x55d109d58000
brk(0x55d109d7c000) = 0x55d109d7c000
brk(0x55d109d9f000) = 0x55d109d9f000
brk(0x55d109dc3000) = 0x55d109dc3000
brk(0x55d109de7000) = 0x55d109de7000
brk(0x55d109e0a000) = 0x55d109e0a000
brk(0x55d109e2e000) = 0x55d109e2e000
brk(0x55d109e52000) = 0x55d109e52000
brk(0x55d109e75000) = 0x55d109e75000
brk(0x55d109e99000) = 0x55d109e99000
brk(0x55d109ebd000) = 0x55d109ebd000
brk(0x55d109ee0000) = 0x55d109ee0000
brk(0x55d109f04000) = 0x55d109f04000
brk(0x55d109f28000) = 0x55d109f28000
brk(0x55d109f4b000) = 0x55d109f4b000
brk(0x55d109f6f000) = 0x55d109f6f000
brk(0x55d109f93000) = 0x55d109f93000
brk(0x55d109fb6000) = 0x55d109fb6000
brk(0x55d109fda000) = 0x55d109fda000
brk(0x55d109ffe000) = 0x55d109ffe000
brk(0x55d10a021000) = 0x55d10a021000
brk(0x55d10a045000) = 0x55d10a045000
brk(0x55d10a069000) = 0x55d10a069000
brk(0x55d10a08d000) = 0x55d10a08d000
brk(0x55d10a0b0000) = 0x55d10a0b0000
brk(0x55d10a0d4000) = 0x55d10a0d4000
brk(0x55d10a0f8000) = 0x55d10a0f8000
brk(0x55d10a11b000) = 0x55d10a11b000
brk(0x55d10a13f000) = 0x55d10a13f000
access("/var/run/setrans/.setrans-unix", F_OK) = -1 ENOENT (No such file or
directory)
futex(0x7f018c3ff648, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/proc/thread-self/attr/current", O_RDONLY|O_CLOEXEC) = 3
read(3, "unconfined_u:unconfined_r:unconf"..., 4095) = 54
close(3) = 0
openat(AT_FDCWD, "/proc/thread-self/attr/fscreate", O_RDWR|O_CLOEXEC) = 3
write(3, "unconfined_u:object_r:device_t:s"..., 34) = 34
close(3) = 0
openat(AT_FDCWD, "/dev/stderr", O_WRONLY|O_CREAT|O_APPEND, 0600) = 3
openat(AT_FDCWD, "/proc/thread-self/attr/fscreate", O_RDWR|O_CLOEXEC) = 4
write(4, NULL, 0) = 0
close(4) = 0
munmap(0x7f017ea46000, 827392) = 0
munmap(0x7f018cbe4000, 21309) = 0
munmap(0x7f018c288000, 597805) = 0
socket(AF_UNIX, SOCK_STREAM, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/var/run/.heim_org.h5l.kcm-socket"},
110) = -1 ECONNREFUSED (Connection refused)
close(4) = 0
openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=2998, ...}, AT_EMPTY_PATH) = 0
read(4, "# Locale name alias data base.\n#"..., 4096) = 2998
read(4, "", 4096) = 0
close(4) = 0
openat(AT_FDCWD, "/usr/share/locale/en_IN.UTF-8/LC_MESSAGES/mit-krb5.mo",
O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_IN.utf8/LC_MESSAGES/mit-krb5.mo",
O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_IN/LC_MESSAGES/mit-krb5.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.UTF-8/LC_MESSAGES/mit-krb5.mo",
O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.utf8/LC_MESSAGES/mit-krb5.mo", O_RDONLY)
= -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en/LC_MESSAGES/mit-krb5.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_IN.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY)
= -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_IN.utf8/LC_MESSAGES/libc.mo", O_RDONLY)
= -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_IN/LC_MESSAGES/libc.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
write(2, "kinit: Connection refused ", 26kinit: Connection refused ) = 26
write(2, "while getting default ccache", 28while getting default ccache) = 28
write(2, "\n", 1
) = 1
close(3) = 0
exit_group(1) = ?
+++ exited with 1 +++
'''
Reproducible: Always
Steps to Reproduce:
klist, kdestroy, or kinit fails with connection refused
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2227057
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...
4 months
- 1
- 4
- ← Newer
- 1
- Older →