01409e3d48
Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
or machine swaps
Resolves: failure in glibc tests
https://sourceware.org/bugzilla/show_bug.cgi?id=22530
Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
auth_provider ldap, login fails if the LDAP server
is not allowing anonymous binds
Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
corrected with AD
Resolves: upstream#3586 - Give a more detailed debug and system-log message
if krb5_init_context() failed
Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
in /etc/systemd/system
Backport few upstream features from 1.16.1
(cherry picked from commit 1dedfbb334
)
26 lines
932 B
Diff
26 lines
932 B
Diff
From 565ef3ffcaaef69a768b6a341777c339217bbbab Mon Sep 17 00:00:00 2001
|
|
From: Lukas Slebodnik <lslebodn@fedoraproject.org>
|
|
Date: Mon, 12 Dec 2016 21:56:16 +0100
|
|
Subject: [PATCH] SYSTEMD: Use capabilities
|
|
|
|
copied from selinux policy
|
|
---
|
|
src/sysv/systemd/sssd.service.in | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
|
|
index 0c515d34caaa3ea397c4c7e95eef0188df170840..252889dbb2b7b1e651966258e7b76eab38357e76 100644
|
|
--- a/src/sysv/systemd/sssd.service.in
|
|
+++ b/src/sysv/systemd/sssd.service.in
|
|
@@ -11,6 +11,7 @@ ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER}
|
|
Type=notify
|
|
NotifyAccess=main
|
|
PIDFile=@localstatedir@/run/sssd.pid
|
|
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
--
|
|
2.15.1
|
|
|