[SSSD] [sssd PR#5407][comment] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration alexey-tikhonov commented: """ > I've spoken with @sgoveas and the test infrastructure it's not ready yet to > avoid running the test in downstream CI. He'll propose something tomorrow to > handle this use case. For the moment I've removed the `Ready to push` label. Still I think it makes sense to include this fix in Fedora Rawhide/34 rebase. We can either: - split PR into two PRs: fix + test - just waive this test downstream until issue is solved with the use of labels """ See the full comment at https://github.com/SSSD/sssd/pull/5407#issuecomment-781499025 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][comment] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration ikerexxe commented: """ I've spoken with @sgoveas and the test infrastructure it's not ready yet to avoid running the test in downstream CI. He'll propose something tomorrow to handle this use case. For the moment I've removed the `Ready to push` label. """ See the full comment at https://github.com/SSSD/sssd/pull/5407#issuecomment-781467833 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][-Ready to push] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration Label: -Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5510][+Accepted] spec: remove setuid bit from child helpers if sssd user is root
URL: https://github.com/SSSD/sssd/pull/5510 Title: #5510: spec: remove setuid bit from child helpers if sssd user is root Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5510][comment] spec: remove setuid bit from child helpers if sssd user is root
URL: https://github.com/SSSD/sssd/pull/5510 Title: #5510: spec: remove setuid bit from child helpers if sssd user is root alexey-tikhonov commented: """ ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5510#issuecomment-781460561 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][-Waiting for review] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][+Ready to push] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][+Accepted] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][comment] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration pbrezina commented: """ Thank you. Ack. """ See the full comment at https://github.com/SSSD/sssd/pull/5407#issuecomment-781394749 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5509][+Accepted] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Title: #5509: spec file: don't enable implicit files domain on RHEL Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5509][-Waiting for review] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Title: #5509: spec file: don't enable implicit files domain on RHEL Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5509][+Ready to push] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Title: #5509: spec file: don't enable implicit files domain on RHEL Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5509][comment] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Title: #5509: spec file: don't enable implicit files domain on RHEL thalman commented: """ I'm fine with this new version, Thanks """ See the full comment at https://github.com/SSSD/sssd/pull/5509#issuecomment-781336517 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5509][comment] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Title: #5509: spec file: don't enable implicit files domain on RHEL pbrezina commented: """ > > Why not keep fedora specific flags at the end? IMHO it's more readable then > > interrupting it with condition in the middle. > > My idea was to keep it sorted like: "enable/disable" first and then a bunch > of "--with-..." > > But ok, I will move. If that's the case, we can use oneliners like `%{?with_static:--enable-static}` and sort it appropriately. But I'm fine with this version. """ See the full comment at https://github.com/SSSD/sssd/pull/5509#issuecomment-781311300 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5510][opened] spec: remove setuid bit from child helpers if sssd user is root
URL: https://github.com/SSSD/sssd/pull/5510 Author: pbrezina Title: #5510: spec: remove setuid bit from child helpers if sssd user is root Action: opened PR body: """ The setuid bit is only needed if sssd runs as non-root user. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5510/head:pr5510 git checkout pr5510 From a1eca1a0877f61369bc808927bdbd4173282a128 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Thu, 18 Feb 2021 13:28:04 +0100 Subject: [PATCH] spec: remove setuid bit from child helpers if sssd user is root The setuid bit is only needed if sssd runs as non-root user. --- contrib/sssd.spec.in | 15 +++ 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index ac1a92c10c..4c03b73c6c 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -7,6 +7,13 @@ %global sssd_user root %endif +# Set setuid bit on child helpers if we support non-root user. +%if "%{sssd_user}" == "root" +%global child_attrs 0750 +%else +%global child_attrs 4750 +%endif + # we don't want to provide private python extension libs %define __provides_exclude_from %{python3_sitearch}/.*\.so$ @@ -751,8 +758,8 @@ done %files krb5-common %license COPYING %attr(755,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}/krb5.include.d -%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/ldap_child -%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/krb5_child +%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/ldap_child +%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/krb5_child %files krb5 -f sssd_krb5.lang %license COPYING @@ -767,7 +774,7 @@ done %license COPYING %attr(700,%{sssd_user},%{sssd_user}) %dir %{keytabdir} %{_libdir}/%{name}/libsss_ipa.so -%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/selinux_child +%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/selinux_child %{_mandir}/man5/sssd-ipa.5* %files ad -f sssd_ad.lang @@ -778,7 +785,7 @@ done %files proxy %license COPYING -%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/proxy_child +%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/proxy_child %{_libdir}/%{name}/libsss_proxy.so %files dbus -f sssd_dbus.lang ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][comment] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration ikerexxe commented: """ I'd prefer to log the paths so I've picked your second proposal. """ See the full comment at https://github.com/SSSD/sssd/pull/5407#issuecomment-781305848 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][-Changes requested] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][+Waiting for review] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][synchronized] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Author: ikerexxe Title: #5407: kcm: check socket path loaded from configuration Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5407/head:pr5407 git checkout pr5407 From 1ad0445e8fd5e03b35ea53353b7b9a07222b4942 Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Tue, 26 Jan 2021 12:37:15 +0100 Subject: [PATCH 1/2] RESPONDER: check that configured sockets match Check if the sockets defined in systemd unit and sssd.conf match. If they don't, then print a warning message. Moreover, change man page regarding socket_path option to indicate that it will be overwritten by systemd's unit file. Resolves: https://github.com/SSSD/sssd/issues/5406 --- src/man/sssd-kcm.8.xml | 7 +++ src/responder/common/responder_common.c | 11 +++ 2 files changed, 18 insertions(+) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index 022a74ba09..14ba122a5c 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -203,6 +203,13 @@ systemctl restart sssd-kcm.service Default: /var/run/.heim_org.h5l.kcm-socket + + +Note: on platforms where systemd is supported, the +socket path is overwritten by the one defined in +the sssd-kcm.socket unit file. + + diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 7061d018a6..992d85c6d2 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -1001,6 +1001,8 @@ int activate_unix_sockets(struct resp_ctx *rctx, connection_setup_t conn_setup) { int ret; +struct sockaddr_un sockaddr; +socklen_t sockaddr_len = sizeof(sockaddr); #ifdef HAVE_SYSTEMD if (rctx->lfd == -1 && rctx->priv_lfd == -1) { @@ -1032,6 +1034,15 @@ int activate_unix_sockets(struct resp_ctx *rctx, goto done; } +ret = getsockname(rctx->lfd, (struct sockaddr *) , _len); +if (ret == EOK) { +if (memcmp(rctx->sock_name, sockaddr.sun_path, strlen(rctx->sock_name)) != 0) { +DEBUG(SSSDBG_CONF_SETTINGS, + "Warning: socket path defined in systemd unit (%s) and sssd.conf (%s) don't match\n", + sockaddr.sun_path, rctx->sock_name); +} +} + ret = sss_fd_nonblocking(rctx->lfd); if (ret != EOK) goto done; if (numfds == 2) { From 11591f76eacf3e98687fd5d264db3ed063d4bded Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Tue, 26 Jan 2021 16:01:48 +0100 Subject: [PATCH 2/2] TESTS: test socket path when systemd activation Test socket path when sssd-kcm is activated by systemd. If socket in systemd unit and sssd.conf is defined in different locations then print a warning. Verifies: https://github.com/SSSD/sssd/issues/5406 --- src/tests/multihost/alltests/test_kcm.py | 33 1 file changed, 33 insertions(+) diff --git a/src/tests/multihost/alltests/test_kcm.py b/src/tests/multihost/alltests/test_kcm.py index db08dbd8c4..e7182f5d58 100644 --- a/src/tests/multihost/alltests/test_kcm.py +++ b/src/tests/multihost/alltests/test_kcm.py @@ -52,3 +52,36 @@ def test_client_timeout(self, multihost, backupsssdconf): " /var/log/sssd/" "sssd_kcm.log") assert 'Terminated client' in grep_cmd.stdout_text + +def test_kcm_check_socket_path(self, multihost, enable_kcm): +""" +@Title: kcm: Test socket path when sssd-kcm is activated by systemd +#https://github.com/SSSD/sssd/issues/5406 +""" +# Start from a known-good state after removing log file and adding a +# new socket path +multihost.master[0].service_sssd('stop') +self._stop_kcm(multihost) +self._remove_kcm_log_file(multihost) +server = sssdTools(multihost.master[0]) +server.backup_sssd_conf() +socket_path = "/some_path/kcm.socket" +domain_section = "kcm" +sssd_params = {'socket_path': '%s' % (socket_path)} +server.sssd_conf(domain_section, sssd_params) +multihost.master[0].service_sssd('start') +self._start_kcm(multihost) +# Give sssd some time to load +time.sleep(2) + +# Check log file for the expected warning message +domain_log = '/var/log/sssd/sssd_kcm.log' +log = multihost.master[0].get_file_contents(domain_log).decode('utf-8') +msg = "Warning: socket path defined in systemd unit "\ +
[SSSD] [sssd PR#5509][synchronized] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Author: alexey-tikhonov Title: #5509: spec file: don't enable implicit files domain on RHEL Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5509/head:pr5509 git checkout pr5509 From 16f3c058af65cdeee3901220a9f13f4e66d29aa5 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 17 Feb 2021 14:21:01 +0100 Subject: [PATCH] spec file: don't enable implicit files domain on RHEL Corresponding code is built and users can enable files domain on a as-needed basis. But there is little value running it on RHEL "as is" by default. (As a reminder, as a comment in this file says, this is a "SSSD SPEC file for Fedora 34+ and RHEL-9+") --- contrib/sssd.spec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 53dee22a0b..217babdd9f 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -479,7 +479,6 @@ autoreconf -ivf %configure \ --disable-rpath \ --disable-static \ ---enable-files-domain \ --enable-gss-spnego-for-zero-maxssf \ --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ --enable-nsslibdir=%{_libdir} \ @@ -499,6 +498,7 @@ autoreconf -ivf --with-syslog=journald \ --with-test-dir=/dev/shm \ %if 0%{?fedora} +--enable-files-domain \ --disable-polkit-rules-path \ %endif %{nil} ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5509][comment] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Title: #5509: spec file: don't enable implicit files domain on RHEL alexey-tikhonov commented: """ > Why not keep fedora specific flags at the end? IMHO it's more readable then > interrupting it with condition in the middle. My idea was to keep it sorted like: "enable/disable" first and then a bunch of "--with-..." But ok, I will move. """ See the full comment at https://github.com/SSSD/sssd/pull/5509#issuecomment-781295725 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5509][comment] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Title: #5509: spec file: don't enable implicit files domain on RHEL pbrezina commented: """ Why not keep fedora specific flags at the end? IMHO it's more readable then interrupting it with condition in the middle. """ See the full comment at https://github.com/SSSD/sssd/pull/5509#issuecomment-781293131 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5509][comment] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Title: #5509: spec file: don't enable implicit files domain on RHEL alexey-tikhonov commented: """ Updated. """ See the full comment at https://github.com/SSSD/sssd/pull/5509#issuecomment-781281987 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5509][synchronized] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Author: alexey-tikhonov Title: #5509: spec file: don't enable implicit files domain on RHEL Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5509/head:pr5509 git checkout pr5509 From 73b58af15173184f437804edfef7c9eefd532d9e Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 17 Feb 2021 14:21:01 +0100 Subject: [PATCH] spec file: don't enable implicit files domain on RHEL Corresponding code is built and users can enable files domain on a as-needed basis. But there is little value running it on RHEL "as is" by default. (As a reminder, as a comment in this file says, this is a "SSSD SPEC file for Fedora 34+ and RHEL-9+") --- contrib/sssd.spec.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 53dee22a0b..fa03e3c98c 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -479,7 +479,10 @@ autoreconf -ivf %configure \ --disable-rpath \ --disable-static \ +%if 0%{?fedora} --enable-files-domain \ +--disable-polkit-rules-path \ +%endif --enable-gss-spnego-for-zero-maxssf \ --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ --enable-nsslibdir=%{_libdir} \ @@ -498,9 +501,6 @@ autoreconf -ivf --with-sssd-user=%{sssd_user} \ --with-syslog=journald \ --with-test-dir=/dev/shm \ -%if 0%{?fedora} ---disable-polkit-rules-path \ -%endif %{nil} %make_build all docs runstatedir=%{_rundir} ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][+Changes requested] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5407][-Waiting for review] kcm: check socket path loaded from configuration
URL: https://github.com/SSSD/sssd/pull/5407 Title: #5407: kcm: check socket path loaded from configuration Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5504][+Accepted] limit process capabilities and sanitize usage of experimental '--with-sssd-user=' option
URL: https://github.com/SSSD/sssd/pull/5504 Title: #5504: limit process capabilities and sanitize usage of experimental '--with-sssd-user=' option Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5504][+Ready to push] limit process capabilities and sanitize usage of experimental '--with-sssd-user=' option
URL: https://github.com/SSSD/sssd/pull/5504 Title: #5504: limit process capabilities and sanitize usage of experimental '--with-sssd-user=' option Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5504][-Waiting for review] limit process capabilities and sanitize usage of experimental '--with-sssd-user=' option
URL: https://github.com/SSSD/sssd/pull/5504 Title: #5504: limit process capabilities and sanitize usage of experimental '--with-sssd-user=' option Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5509][comment] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Title: #5509: spec file: don't enable implicit files domain on RHEL pbrezina commented: """ Can you move it to `--disable-polkit-rules-path` line to avoid having multiple conditions there? """ See the full comment at https://github.com/SSSD/sssd/pull/5509#issuecomment-781214051 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure