diff --git a/0001-ipa-fix-reply-socket-of-selinux_child.patch b/0001-ipa-fix-reply-socket-of-selinux_child.patch new file mode 100644 index 0000000..a02a53f --- /dev/null +++ b/0001-ipa-fix-reply-socket-of-selinux_child.patch @@ -0,0 +1,33 @@ +From 5a2e0ebe83913e317f66478daeff35987c278e27 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Tue, 4 Jan 2022 10:11:49 +0100 +Subject: [PATCH] ipa: fix reply socket of selinux_child + +Commit c92d39a30fa0162d4efdfbe5883c8ea9911a2249 accidentally switched +the reply socket of selinux_child from stdout to stderr while switching +from exec_child to exec_child_ex. This patch returns the original +behavior. + +Resolves: https://github.com/SSSD/sssd/issues/5939 + +Reviewed-by: Alexey Tikhonov +--- + src/providers/ipa/ipa_selinux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c +index 6f885c0fd..2e0593dd7 100644 +--- a/src/providers/ipa/ipa_selinux.c ++++ b/src/providers/ipa/ipa_selinux.c +@@ -714,7 +714,7 @@ static errno_t selinux_fork_child(struct selinux_child_state *state) + if (pid == 0) { /* child */ + exec_child_ex(state, pipefd_to_child, pipefd_from_child, + SELINUX_CHILD, SELINUX_CHILD_LOG_FILE, extra_args, +- false, STDIN_FILENO, STDERR_FILENO); ++ false, STDIN_FILENO, STDOUT_FILENO); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n", + ret, sss_strerror(ret)); + return ret; +-- +2.33.1 + diff --git a/sssd.spec b/sssd.spec index 4ad0c11..29a6c84 100644 --- a/sssd.spec +++ b/sssd.spec @@ -43,13 +43,14 @@ Name: sssd Version: 2.6.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: System Security Services Daemon License: GPLv3+ URL: https://github.com/SSSD/sssd/ Source0: https://github.com/SSSD/sssd/releases/download/2.6.2/sssd-2.6.2.tar.gz ### Patches ### +Patch0001: 0001-ipa-fix-reply-socket-of-selinux_child.patch ### Dependencies ### @@ -1034,6 +1035,9 @@ fi %systemd_postun_with_restart sssd.service %changelog +* Tue Jan 04 2022 Iker Pedrosa - 2.6.2-2 +- Fix IPA reply socket of selinux_child + * Thu Dec 23 2021 Iker Pedrosa - 2.6.2-1 - Rebase to SSSD 2.6.2