• 1
From Bug Report:

"On Customer's network (sssd with two domain mappings, one ldap one active
directory), moving from 67 members in a particular group to 68 members in that group breaks mapping for all members.

Fortunately this is easy to reproduce in a much simpler environment, it is visible on a standalone machine using nothing but /etc/passwd and /etc/group.
The tipping point on the number of members in a group is not consistent, it seems to be dependent on the size of the username. Larger usernames cause groups to fail out with fewer members.
"

The bug report does not go in to detail on how they figured the problem was in libselinux versus sshd/pam_selinux. But they did. They also wrote some test programs to figure out where the tipping point was. There test programs were returning ERANGE as errno and they figured out what was happening.

  • 1
?

Log in