fedora-selinux / selinux-policy-contrib

Fedora Policy Contributions

Allow sssd read /run/systemd directory #387

Closed zpytela closed 3 years ago

zpytela commented 3 years ago

The nsswitch_domain is already allowed to search /run/systemd; sssd, however, requires the read permission, which is granted by the list_dir_perms pattern.

The reason is that sssd is using an asynchronous resolver library (c-ares) and monitors /etc/resolv.conf for changes. If /etc/resolv.conf is replaced with a symlink, SSSD tries to follow it to set an inotify watch to be aware of the target file changes. The resolv.conf file changes can be made by a user, NetworkManager, or systemd-resolved.

Resolves: rhbz#1827466
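The following is an added example, not part of the pull request or of the selinux-policy-contrib repository. It shows how an administrator can recognise the symptom the description above refers to before widening policy: it classifies SELinux AVC records and flags only a denial where sssd_t is refused a directory permission covered by list_dir_perms on the /run/systemd label. The sample audit records are constructed for the example; the assumptions are that /run/systemd carries the init_var_run_t label (as in Fedora's policy) and that list_dir_perms expands to { getattr search open read lock ioctl } as in refpolicy. The emitted rule is a raw allow for illustration; in a contrib module the access would normally be granted through an interface rather than a bare allow line.

```shell
#!/bin/sh
# Added example (not from the PR): classify AVC denials for the case
# described above, sssd_t refused a directory permission on /run/systemd.

# Constructed sample audit records, not real captures.
SAMPLE_AVC='type=AVC msg=audit(1588000000.123:456): avc:  denied  { read } for  pid=1234 comm="sssd" name="systemd" dev="tmpfs" ino=42 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=dir permissive=0'
SAMPLE_OTHER='type=AVC msg=audit(1588000000.124:457): avc:  denied  { write } for  pid=1234 comm="sssd" name="resolv.conf" dev="dm-0" ino=99 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file permissive=0'

# avc_field RECORD KEY -> value of "KEY=value" in an AVC record.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# avc_perms RECORD -> the permission list between the braces, e.g. "read".
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied  *{ *\(.*[^ ]\) *}.*/\1/p'
}

# Returns 0 when the record is an sssd_t denial on a directory labelled
# init_var_run_t (assumed label of /run/systemd) and every denied
# permission is one bundled in list_dir_perms (assumed refpolicy expansion:
# getattr search open read lock ioctl). Returns 1 for anything else, so an
# unrelated denial is never "fixed" by this rule.
avc_is_sssd_run_systemd_dir() {
    line=$1
    [ "$(avc_field "$line" scontext | cut -d: -f3)" = sssd_t ] || return 1
    [ "$(avc_field "$line" tcontext | cut -d: -f3)" = init_var_run_t ] || return 1
    [ "$(avc_field "$line" tclass)" = dir ] || return 1
    for p in $(avc_perms "$line"); do
        case $p in
            getattr|search|open|read|lock|ioctl) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# The rule that covers the matched denial, using the page's list_dir_perms
# pattern. Shown as a raw allow for illustration only.
suggested_rule() {
    printf '%s\n' 'allow sssd_t init_var_run_t:dir list_dir_perms;'
}

# Walk the constructed records and report which one the rule addresses.
for rec in "$SAMPLE_AVC" "$SAMPLE_OTHER"; do
    if avc_is_sssd_run_systemd_dir "$rec"; then
        printf 'matches /run/systemd listing denial -> %s\n' "$(suggested_rule)"
    else
        printf 'unrelated denial ({ %s } on %s), leave policy alone\n' \
            "$(avc_perms "$rec")" "$(avc_field "$rec" tclass)"
    fi
done
```

On a live system the records would come from `ausearch -m AVC -c sssd` rather than the constructed strings; the classification logic is the same. The strict permission check is deliberate: a denial for a permission outside list_dir_perms (for example write on the directory) points at a different problem and should not be answered with this rule.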

zpytela commented 3 years ago

CI fails due to a known problem with mismatched repos. Merging per successful F33 CI: https://github.com/fedora-selinux/selinux-policy-contrib/pull/388