Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/sssd.git#04d2a458e321f58aade008d44706bfdb38a22e80
2021-04-04 23:36:16 +00:00 · 2021-04-04 23:36:16 +00:00 · dde63ae419
parent bff26bbb59
commit dde63ae419
2 changed files with 39 additions and 7 deletions
--- a/0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch
+++ b/0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch
@ -0,0 +1,23 @@
+From 2a512fdf57055a2ce4ae02256dfabb5b74d2abd6 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Mon, 22 Mar 2021 15:18:57 +0100
+Subject: [PATCH] systemd configs: add CAP_DAC_OVERRIDE for ifp in certain case
+
+Commit fd7ce7b3de9647eb6de75c3dd3974b44d860078e missed ifp.
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/sysv/systemd/sssd-ifp.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in
+index 551c6711cf..9095da3534 100644
+--- a/src/sysv/systemd/sssd-ifp.service.in
+++ b/src/sysv/systemd/sssd-ifp.service.in
+@@ -10,5 +10,5 @@ EnvironmentFile=-@environment_file@
+ Type=dbus
+ BusName=org.freedesktop.sssd.infopipe
+ ExecStart=@ifp_exec_cmd@ ${DEBUG_LOGGER}
+-CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
+CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
+ @ifp_restart@
--- a/sssd.spec
+++ b/sssd.spec
@ -27,7 +27,7 @@

 Name: sssd
 Version: 2.4.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: System Security Services Daemon
 License: GPLv3+
 URL: https://github.com/SSSD/sssd/
@ -35,6 +35,8 @@ Source0: https://github.com/SSSD/sssd/releases/download/2.4.2/sssd-2.4.2.tar.gz

 ### Patches ###

+Patch0001: 0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch
+
 ### Dependencies ###

 Requires: sssd-ad = %{version}-%{release}
@ -100,6 +102,7 @@ BuildRequires: make
 BuildRequires: nss_wrapper
 BuildRequires: openldap-devel
 BuildRequires: openssh
+BuildRequires: openssl
 BuildRequires: openssl-devel
 BuildRequires: p11-kit-devel
 BuildRequires: pam_wrapper
@ -117,6 +120,7 @@ BuildRequires: softhsm >= 2.1.0
 BuildRequires: systemd-devel
 BuildRequires: systemtap-sdt-devel
 BuildRequires: uid_wrapper
+BuildRequires: po4a

 %description
 Provides a set of daemons to manage access to remote directories and
@ -950,18 +954,20 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us

 %postun common
 %systemd_postun_with_restart sssd-autofs.socket
-%systemd_postun_with_restart sssd-autofs.service
 %systemd_postun_with_restart sssd-nss.socket
-%systemd_postun_with_restart sssd-nss.service
 %systemd_postun_with_restart sssd-pac.socket
-%systemd_postun_with_restart sssd-pac.service
 %systemd_postun_with_restart sssd-pam.socket
 %systemd_postun_with_restart sssd-pam-priv.socket
-%systemd_postun_with_restart sssd-pam.service
 %systemd_postun_with_restart sssd-ssh.socket
-%systemd_postun_with_restart sssd-ssh.service
 %systemd_postun_with_restart sssd-sudo.socket
-%systemd_postun_with_restart sssd-sudo.service
+
+# Services have RefuseManualStart=true, therefore we can't request restart.
+%systemd_postun sssd-autofs.service
+%systemd_postun sssd-nss.service
+%systemd_postun sssd-pac.service
+%systemd_postun sssd-pam.service
+%systemd_postun sssd-ssh.service
+%systemd_postun sssd-sudo.service

 %post dbus
 %systemd_post sssd-ifp.service
@ -1009,6 +1015,9 @@ fi
 %systemd_postun_with_restart sssd.service

 %changelog
+* Wed Mar 31 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-3
+- Add CAP_DAC_OVERRIDE to ifp service file if required by build configuration
+
 * Fri Feb 19 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-2
 - Remove setuid from child binaries and relax requirement on python3-sssdconfig