rpms/sssd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Merged update from upstream sources

Browse Source 
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/sssd.git#04d2a458e321f58aade008d44706bfdb38a22e80
This commit is contained in:
DistroBaker 2021-04-04 23:36:16 +00:00
parent bff26bbb59
commit dde63ae419
2 changed files with 39 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch Normal file
View File

@ -0,0 +1,23 @@
From 2a512fdf57055a2ce4ae02256dfabb5b74d2abd6 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 22 Mar 2021 15:18:57 +0100
Subject: [PATCH] systemd configs: add CAP_DAC_OVERRIDE for ifp in certain case
Commit fd7ce7b3de9647eb6de75c3dd3974b44d860078e missed ifp.
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/sysv/systemd/sssd-ifp.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in
index 551c6711cf..9095da3534 100644
--- a/src/sysv/systemd/sssd-ifp.service.in
+++ b/src/sysv/systemd/sssd-ifp.service.in
@@ -10,5 +10,5 @@ EnvironmentFile=-@environment_file@
Type=dbus
BusName=org.freedesktop.sssd.infopipe
ExecStart=@ifp_exec_cmd@ ${DEBUG_LOGGER}
-CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
+CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
@ifp_restart@

23
sssd.spec
View File

@ -27,7 +27,7 @@
Name: sssd
Version: 2.4.2
Release: 2%{?dist}
Release: 3%{?dist}
Summary: System Security Services Daemon
License: GPLv3+
URL: https://github.com/SSSD/sssd/
@ -35,6 +35,8 @@ Source0: https://github.com/SSSD/sssd/releases/download/2.4.2/sssd-2.4.2.tar.gz
### Patches ###
Patch0001: 0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch
### Dependencies ###
Requires: sssd-ad = %{version}-%{release}
@ -100,6 +102,7 @@ BuildRequires: make
BuildRequires: nss_wrapper
BuildRequires: openldap-devel
BuildRequires: openssh
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: p11-kit-devel
BuildRequires: pam_wrapper
@ -117,6 +120,7 @@ BuildRequires: softhsm >= 2.1.0
BuildRequires: systemd-devel
BuildRequires: systemtap-sdt-devel
BuildRequires: uid_wrapper
BuildRequires: po4a
%description
Provides a set of daemons to manage access to remote directories and
@ -950,18 +954,20 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%postun common
%systemd_postun_with_restart sssd-autofs.socket
%systemd_postun_with_restart sssd-autofs.service
%systemd_postun_with_restart sssd-nss.socket
%systemd_postun_with_restart sssd-nss.service
%systemd_postun_with_restart sssd-pac.socket
%systemd_postun_with_restart sssd-pac.service
%systemd_postun_with_restart sssd-pam.socket
%systemd_postun_with_restart sssd-pam-priv.socket
%systemd_postun_with_restart sssd-pam.service
%systemd_postun_with_restart sssd-ssh.socket
%systemd_postun_with_restart sssd-ssh.service
%systemd_postun_with_restart sssd-sudo.socket
%systemd_postun_with_restart sssd-sudo.service
# Services have RefuseManualStart=true, therefore we can't request restart.
%systemd_postun sssd-autofs.service
%systemd_postun sssd-nss.service
%systemd_postun sssd-pac.service
%systemd_postun sssd-pam.service
%systemd_postun sssd-ssh.service
%systemd_postun sssd-sudo.service
%post dbus
%systemd_post sssd-ifp.service
@ -1009,6 +1015,9 @@ fi
%systemd_postun_with_restart sssd.service
%changelog
* Wed Mar 31 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-3
- Add CAP_DAC_OVERRIDE to ifp service file if required by build configuration
* Fri Feb 19 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-2
- Remove setuid from child binaries and relax requirement on python3-sssdconfig