Skip to content

Commit

Permalink
KRB5: 'krb5_child' doesn't require effective capabilities
Browse files Browse the repository at this point in the history
  • Loading branch information
@alexey-tikhonov
alexey-tikhonov committed Nov 28, 2024
1 parent 1fb3ce7 commit f3dd66f
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion Makefile.am
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5554,7 +5554,7 @@ if SSSD_USER
-$(SETCAP) cap_dac_read_search=p $(DESTDIR)$(sssdlibexecdir)/ldap_child
-chgrp $(SSSD_USER) $(DESTDIR)$(sssdlibexecdir)/krb5_child
chmod 750 $(DESTDIR)$(sssdlibexecdir)/krb5_child
-$(SETCAP) cap_dac_read_search,cap_setuid,cap_setgid=ep $(DESTDIR)$(sssdlibexecdir)/krb5_child
-$(SETCAP) cap_dac_read_search,cap_setuid,cap_setgid=p $(DESTDIR)$(sssdlibexecdir)/krb5_child
-chgrp $(SSSD_USER) $(DESTDIR)$(sssdlibexecdir)/proxy_child
chmod 750 $(DESTDIR)$(sssdlibexecdir)/proxy_child
-chgrp $(SSSD_USER) $(DESTDIR)$(sssdlibexecdir)/sssd_pam
Expand Down
2 changes: 1 addition & 1 deletion contrib/sssd.spec.in
View file
Original file line number Diff line number Diff line change
Expand Up @@ -914,7 +914,7 @@ install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf
%license COPYING
%attr(775,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}/krb5.include.d
%attr(0750,root,%{sssd_user}) %caps(cap_dac_read_search=p) %{_libexecdir}/%{servicename}/ldap_child
%attr(0750,root,%{sssd_user}) %caps(cap_dac_read_search,cap_setuid,cap_setgid=ep) %{_libexecdir}/%{servicename}/krb5_child
%attr(0750,root,%{sssd_user}) %caps(cap_dac_read_search,cap_setuid,cap_setgid=p) %{_libexecdir}/%{servicename}/krb5_child

%files krb5 -f sssd_krb5.lang
%license COPYING
Expand Down

0 comments on commit f3dd66f

Please sign in to comment.