scabrero/sssd
SHA256
1
0
Fork 1
forked from pool/sssd
Code Pull Requests Activity

sssd 2.10.1

Browse Source
This commit is contained in:
Jan Engelhardt
2024-12-11 10:33:24 +01:00
parent 6e6893108a
commit 7a9befa693
11 changed files with 61 additions and 528 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
sssd.spec
View File

@@ -17,7 +17,7 @@
Name: sssd
Version: 2.10.0
Version: 2.10.1
Release: 0
Summary: System Security Services Daemon
License: GPL-3.0-or-later AND LGPL-3.0-or-later
@@ -28,10 +28,6 @@ Source: https://github.com/SSSD/sssd/releases/download/%version/%name-%v
Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc
Source3: baselibs.conf
Source5: %name.keyring
Patch3: 0001-sssd-always-print-path-when-config-object-is-rejecte.patch
Patch4: 0001-INI-stop-using-libini_config-for-access-check.patch
Patch5: 0001-INI-relax-config-files-checks.patch
Patch6: 0001-Configuration-make-sure-etc-sssd-and-everything.patch
Patch11: krb-noversion.diff
Patch12: harden_sssd-ifp.service.patch
Patch13: harden_sssd-kcm.service.patch
@@ -489,11 +485,11 @@ cat >"$b/etc/permissions.d/sssd" <<-EOF
%_libexecdir/sssd/sssd_pam root:sssd 0750
+capabilities cap_dac_read_search=p
%_libexecdir/sssd/selinux_child root:sssd 0750
+capabilities %child_capabilities
+capabilities cap_setgid,cap_setuid=p
%_libexecdir/sssd/krb5_child root:sssd 0750
+capabilities %child_capabilities
+capabilities cap_dac_read_search,cap_setgid,cap_setuid=p
%_libexecdir/sssd/ldap_child root:sssd 0750
+capabilities %child_capabilities
+capabilities cap_dac_read_search=p
EOF
%check
@@ -691,7 +687,6 @@ fi
%_libdir/%name/libsss_files*
%endif
%_libdir/%name/libsss_iface*
%_libdir/%name/libsss_semanage*
%_libdir/%name/libsss_sbus*
%_libdir/%name/libsss_simple*
%_libdir/%name/libsss_util*
@@ -710,7 +705,7 @@ fi
%_libexecdir/%name/sss_signal
%_libexecdir/%name/sssd_check_socket_activated_responders
%if 0%{?suse_version} >= 1600
%attr(750,root,%sssd_user) %caps(%child_capabilities) %_libexecdir/%name/selinux_child
%attr(750,root,%sssd_user) %caps(cap_setgid,cap_setuid=p) %_libexecdir/%name/selinux_child
%endif
%dir %sssdstatedir
%attr(700,%sssd_user,%sssd_user) %dir %dbpath/
@@ -839,8 +834,8 @@ fi
%dir %_libdir/%name/
%_libdir/%name/libsss_krb5_common.so
%dir %_libexecdir/%name/
%attr(750,root,%sssd_user) %caps(%child_capabilities) %_libexecdir/%name/krb5_child
%attr(750,root,%sssd_user) %caps(%child_capabilities) %_libexecdir/%name/ldap_child
%attr(750,root,%sssd_user) %caps(cap_dac_read_search,cap_setgid,cap_setuid=p) %_libexecdir/%name/krb5_child
%attr(750,root,%sssd_user) %caps(cap_dac_read_search=p) %_libexecdir/%name/ldap_child
%files ldap
%dir %_libdir/%name/