rpms
/
sssd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sssd-2.4.2-4: Add CAP_DAC_OVERRIDE to ifp service file if required by build configuration

This commit is contained in:
Pavel Březina 2021-03-31 11:49:33 +02:00
parent ea1b261cc2
commit b1df55fa36
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch Normal file
View File

@ -0,0 +1,23 @@
From 2a512fdf57055a2ce4ae02256dfabb5b74d2abd6 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 22 Mar 2021 15:18:57 +0100
Subject: [PATCH] systemd configs: add CAP_DAC_OVERRIDE for ifp in certain case
Commit fd7ce7b3de9647eb6de75c3dd3974b44d860078e missed ifp.
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/sysv/systemd/sssd-ifp.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in
index 551c6711cf..9095da3534 100644
--- a/src/sysv/systemd/sssd-ifp.service.in
+++ b/src/sysv/systemd/sssd-ifp.service.in
@@ -10,5 +10,5 @@ EnvironmentFile=-@environment_file@
Type=dbus
BusName=org.freedesktop.sssd.infopipe
ExecStart=@ifp_exec_cmd@ ${DEBUG_LOGGER}
-CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
+CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
@ifp_restart@

7
sssd.spec
View File

@ -27,7 +27,7 @@
Name: sssd
Version: 2.4.2
Release: 3%{?dist}
Release: 4%{?dist}
Summary: System Security Services Daemon
License: GPLv3+
URL: https://github.com/SSSD/sssd/
@ -35,6 +35,8 @@ Source0: https://github.com/SSSD/sssd/releases/download/2.4.2/sssd-2.4.2.tar.gz
### Patches ###
Patch0001: 0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch
### Dependencies ###
Requires: sssd-ad = %{version}-%{release}
@ -1013,6 +1015,9 @@ fi
%systemd_postun_with_restart sssd.service
%changelog
* Wed Mar 31 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-4
- Add CAP_DAC_OVERRIDE to ifp service file if required by build configuration
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.4.2-3
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.