From b1df55fa3684c44e24ba1d057d853cbe8d0a2e0c Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Mar 31 2021 11:11:44 +0000 Subject: sssd-2.4.2-4: Add CAP_DAC_OVERRIDE to ifp service file if required by build configuration --- diff --git a/0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch b/0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch new file mode 100644 index 0000000..7178cc9 --- /dev/null +++ b/0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch @@ -0,0 +1,23 @@ +From 2a512fdf57055a2ce4ae02256dfabb5b74d2abd6 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Mon, 22 Mar 2021 15:18:57 +0100 +Subject: [PATCH] systemd configs: add CAP_DAC_OVERRIDE for ifp in certain case + +Commit fd7ce7b3de9647eb6de75c3dd3974b44d860078e missed ifp. + +Reviewed-by: Sumit Bose +--- + src/sysv/systemd/sssd-ifp.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in +index 551c6711cf..9095da3534 100644 +--- a/src/sysv/systemd/sssd-ifp.service.in ++++ b/src/sysv/systemd/sssd-ifp.service.in +@@ -10,5 +10,5 @@ EnvironmentFile=-@environment_file@ + Type=dbus + BusName=org.freedesktop.sssd.infopipe + ExecStart=@ifp_exec_cmd@ ${DEBUG_LOGGER} +-CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID ++CapabilityBoundingSet= @additional_caps@ CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETGID CAP_SETUID + @ifp_restart@ diff --git a/sssd.spec b/sssd.spec index 7092df5..bcee149 100644 --- a/sssd.spec +++ b/sssd.spec @@ -27,7 +27,7 @@ Name: sssd Version: 2.4.2 -Release: 3%{?dist} +Release: 4%{?dist} Summary: System Security Services Daemon License: GPLv3+ URL: https://github.com/SSSD/sssd/ @@ -35,6 +35,8 @@ Source0: https://github.com/SSSD/sssd/releases/download/2.4.2/sssd-2.4.2.tar.gz ### Patches ### +Patch0001: 0001-systemd-configs-add-CAP_DAC_OVERRIDE-for-ifp-in-certain-case.patch + ### Dependencies ### Requires: sssd-ad = %{version}-%{release} @@ -1013,6 +1015,9 @@ fi %systemd_postun_with_restart sssd.service %changelog +* Wed Mar 31 2021 Pavel Březina - 2.4.2-4 +- Add CAP_DAC_OVERRIDE to ifp service file if required by build configuration + * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 2.4.2-3 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583.