URL: https://github.com/SSSD/sssd/pull/183
Author: fidencio
Title: #183: More socket-activation fixes
Action: opened

PR body:
"""
This series contains two patches for bugs reported by @sgallagher.
Please, see the patches ...
"""

To pull the PR as a Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/183/head:pr183
git checkout pr183
From d3b35f01d03af2c1d8908f20c867a92b958608c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Tue, 7 Mar 2017 16:55:41 +0100
Subject: [PATCH 1/2] SYSTEMD: Ensure the service is shutdown in case the
 socket is stopped
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Avoid leaving the service running in case the admin calls `systemctl
stop sssd-@responder@.socket`.

Resolves:
https://pagure.io/SSSD/sssd/issue/3323

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/sysv/systemd/sssd-autofs.service.in | 2 ++
 src/sysv/systemd/sssd-nss.service.in    | 2 ++
 src/sysv/systemd/sssd-pac.service.in    | 2 ++
 src/sysv/systemd/sssd-pam.service.in    | 2 ++
 src/sysv/systemd/sssd-ssh.service.in    | 2 ++
 src/sysv/systemd/sssd-sudo.service.in   | 2 ++
 6 files changed, 12 insertions(+)

diff --git a/src/sysv/systemd/sssd-autofs.service.in b/src/sysv/systemd/sssd-autofs.service.in
index 32ea6e1..2f4196b 100644
--- a/src/sysv/systemd/sssd-autofs.service.in
+++ b/src/sysv/systemd/sssd-autofs.service.in
@@ -3,6 +3,8 @@ Description=SSSD AutoFS Service responder
 Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
+After=sssd-autofs.socket
+BindsTo=sssd-autofs.socket
 RefuseManualStart=true
 
 [Install]
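Review bot: the added `After=sssd-autofs.socket` and `BindsTo=sssd-autofs.socket` lines duplicate the directive names already used for `sssd.service` just above; both directives accept a space-separated list, so `After=sssd.service sssd-autofs.socket` and `BindsTo=sssd.service sssd-autofs.socket` would keep each dependency type on one line. It is the pairing with `After=` that makes `BindsTo=` stop the service as soon as the socket unit leaves the active state, so a one-line comment in the unit saying the two must stay together would protect the fix from a later cleanup. The same applies to the five other responder units changed in this patch.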
diff --git a/src/sysv/systemd/sssd-nss.service.in b/src/sysv/systemd/sssd-nss.service.in
index e2f68bc..6b8bfcf 100644
--- a/src/sysv/systemd/sssd-nss.service.in
+++ b/src/sysv/systemd/sssd-nss.service.in
@@ -3,6 +3,8 @@ Description=SSSD NSS Service responder
 Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
+After=sssd-nss.socket
+BindsTo=sssd-nss.socket
 RefuseManualStart=true
 
 [Install]
diff --git a/src/sysv/systemd/sssd-pac.service.in b/src/sysv/systemd/sssd-pac.service.in
index ffbfdec..841f48a 100644
--- a/src/sysv/systemd/sssd-pac.service.in
+++ b/src/sysv/systemd/sssd-pac.service.in
@@ -3,6 +3,8 @@ Description=SSSD PAC Service responder
 Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
+After=sssd-pac.socket
+BindsTo=sssd-pac.socket
 RefuseManualStart=true
 
 [Install]
diff --git a/src/sysv/systemd/sssd-pam.service.in b/src/sysv/systemd/sssd-pam.service.in
index 6dec46f..aa413d2 100644
--- a/src/sysv/systemd/sssd-pam.service.in
+++ b/src/sysv/systemd/sssd-pam.service.in
@@ -3,6 +3,8 @@ Description=SSSD PAM Service responder
 Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
+After=sssd-pam.socket
+BindsTo=sssd-pam.socket
 RefuseManualStart=true
 
 [Install]
diff --git a/src/sysv/systemd/sssd-ssh.service.in b/src/sysv/systemd/sssd-ssh.service.in
index 6f233b4..d35b85e 100644
--- a/src/sysv/systemd/sssd-ssh.service.in
+++ b/src/sysv/systemd/sssd-ssh.service.in
@@ -3,6 +3,8 @@ Description=SSSD SSH Service responder
 Documentation=man:sssd.conf(5)
 After=sssd.service
 BindsTo=sssd.service
+After=sssd-ssh.socket
+BindsTo=sssd-ssh.socket
 RefuseManualStart=true
 
 [Install]
diff --git a/src/sysv/systemd/sssd-sudo.service.in b/src/sysv/systemd/sssd-sudo.service.in
index b59bcbc..9b0da3b 100644
--- a/src/sysv/systemd/sssd-sudo.service.in
+++ b/src/sysv/systemd/sssd-sudo.service.in
@@ -3,6 +3,8 @@ Description=SSSD Sudo Service responder
 Documentation=man:sssd.conf(5) man:sssd-sudo(5)
 After=sssd.service
 BindsTo=sssd.service
+After=sssd-sudo.socket
+BindsTo=sssd-sudo.socket
 RefuseManualStart=true
 
 [Install]

From 319beac28a0a3d7034e6336c1dcac94377832606 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Tue, 7 Mar 2017 17:15:56 +0100
Subject: [PATCH 2/2] NSS: Don't call chown() on ExecStartPre of
 sssd-nss.service
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The sssd-nss.service attempts to chown its log file to ensure it has the
correct owner. Unfortunately, when this happens, it enters a loop trying
to call into the name-service switch and hangs forever.

The approach taken to solve this issue is by using fchown() in the
NSS service startup, which won't make any NSS calls itself.

Resolves:
https://pagure.io/SSSD/sssd/issue/3322

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/responder/nss/nsssrv.c           | 15 +++++++++++++++
 src/sysv/systemd/sssd-nss.service.in |  1 -
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 807b5e8..cd54dd1 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -19,6 +19,7 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+#define _GNU_SOURCE
 #include <stdio.h>
 #include <unistd.h>
 #include <fcntl.h>
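Review bot: `#define _GNU_SOURCE` is added unguarded at the top of nsssrv.c for the `asprintf()` call introduced in main(); if the build already defines it through compiler flags or a configuration header, this produces a redefinition warning. Wrapping it in `#ifndef _GNU_SOURCE` is safe either way, and a short comment naming asprintf() as the reason would keep it from being dropped later as unused.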
@@ -540,6 +541,20 @@ int main(int argc, const char *argv[])
     /* set up things like debug, signals, daemonization, etc... */
     debug_log_file = "sssd_nss";
 
+    if (is_socket_activated()) {
+        char *logpath;
+        int fd;
+
+        ret = asprintf(&logpath, "%s/%s.log", LOG_PATH, debug_log_file);
+        if (ret == -1) {
+            return ENOMEM;
+        }
+
+        fd = open(logpath, O_RDONLY);
+        fchown(fd, 0, 0);
+        close(fd);
+    }
+
     ret = server_setup("sssd[nss]", 0, uid, gid, CONFDB_NSS_CONF_ENTRY,
                        &main_ctx);
     if (ret != EOK) return 2;
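Review bot: in the new `is_socket_activated()` block the result of `open(logpath, O_RDONLY)` is never checked, so if the open fails (for example because the log file does not exist yet) `fchown()` and `close()` are called with fd -1, and the return value of `fchown()` is discarded as well. `logpath` allocated by `asprintf()` is also never freed. Suggest guarding the fchown/close pair with `if (fd != -1)`, reporting a failed `fchown()`, and calling `free(logpath)` once the open is done. Two smaller points: the `return ENOMEM` path exits main() with an errno value while the line below uses `return 2`, and the owner is hard-coded as `0, 0` although `uid` and `gid` are passed to `server_setup()` right after; if root ownership is intended regardless of those values, a comment saying so would help.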
diff --git a/src/sysv/systemd/sssd-nss.service.in b/src/sysv/systemd/sssd-nss.service.in
index 6b8bfcf..3eb9fb2 100644
--- a/src/sysv/systemd/sssd-nss.service.in
+++ b/src/sysv/systemd/sssd-nss.service.in
@@ -11,6 +11,5 @@ RefuseManualStart=true
 Also=sssd-nss.socket
 
 [Service]
-ExecStartPre=-/bin/chown root:root @logpath@/sssd_nss.log
 ExecStart=@libexecdir@/sssd/sssd_nss --debug-to-files --socket-activated
 Restart=on-failure
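Review bot: the removed `ExecStartPre=-/bin/chown root:root @logpath@/sssd_nss.log` carried the `-` prefix, so a failed chown never blocked startup, whereas the in-process replacement in nsssrv.c returns from main() when `asprintf()` fails. It would be worth keeping the new code path equally non-fatal, and stating in the commit message whether the other responder units touched in patch 1 need the same change, since only sssd-nss.service.in is modified here.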
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
