URL: https://github.com/SSSD/sssd/pull/5547
Author: alexey-tikhonov
Title: #5547: systemd configs: add CAP_DAC_OVERRIDE for ifp in certain case
Action: opened
PR body:
"""
Commit fd7ce7b3de9647eb6de75c3dd3974b44d860078e missed ifp.
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1937654
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5547/head:pr5547
git checkout pr5547
From 249df6ad0e1f5c717c7f9e619a12ae9c97b91fe8 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikh...@redhat.com>
Date: Mon, 22 Mar 2021 15:18:57 +0100
Subject: [PATCH] systemd configs: add CAP_DAC_OVERRIDE for ifp in certain case
Commit fd7ce7b3de9647eb6de75c3dd3974b44d860078e missed ifp.
---
src/sysv/systemd/sssd-ifp.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in
index 551c6711cf..9095da3534 100644
--- a/src/sysv/systemd/sssd-ifp.service.in
+++ b/src/sysv/systemd/sssd-ifp.service.in
@@ -10,5 +10,5 @@ EnvironmentFile=-@environment_file@
Type=dbus
BusName=org.freedesktop.sssd.infopipe
ExecStart=@ifp_exec_cmd@ ${DEBUG_LOGGER}
-CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
+CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID
@ifp_restart@
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
