authorJakub Hrozek <jhrozek@redhat.com>2016-08-15 14:10:23 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-08-17 16:55:31 +0200
commit733100a12138a701d0ae7ef5af2b04b08e225033 (patch)
tree8896aa011f94245c0a3b86a13d2cb7266909f9de
parent942b4ce6e60e88e4e31600655fad8980f3986f68 (diff)
BUILD: Ship systemd service file for sssd-secrets
Adds two new files: sssd-secrets.socket and sssd-secrets.service. These can be used to socket-activate the secrets responder even without explicitly starting it in the sssd config file. The specfile activates the socket after installation which means that the admin would just be able to use the secrets socket and the sssd_secrets responder would be started automatically by systemd. The sssd-secrets responder is started as root, mostly because I didn't think of an easy way to pass the uid/gid to the responders without asking about the sssd user identity in the first place. But nonetheless, the sssd-secrets responder wasn't tested as non-root and at least the initialization should be performed as root for the time being. Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r--Makefile.am21
-rw-r--r--contrib/sssd.spec.in6
-rw-r--r--src/sysv/systemd/sssd-secrets.service.in8
-rw-r--r--src/sysv/systemd/sssd-secrets.socket.in8
4 files changed, 41 insertions, 2 deletions
diff --git a/Makefile.am b/Makefile.am
index 44794b935..8b9240f44 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3873,7 +3873,10 @@ systemdunit_DATA =
systemdconf_DATA =
if HAVE_SYSTEMD_UNIT
systemdunit_DATA += \
- src/sysv/systemd/sssd.service
+ src/sysv/systemd/sssd.service \
+ src/sysv/systemd/sssd-secrets.socket \
+ src/sysv/systemd/sssd-secrets.service \
+ $(NULL)
if WITH_JOURNALD
systemdconf_DATA += \
src/sysv/systemd/journal.conf
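Review bot: The two secrets units are added to `systemdunit_DATA` under `HAVE_SYSTEMD_UNIT` alone, so they are installed whenever systemd units are enabled, whether or not the `sssd_secrets` binary is built. If the secrets responder can be switched off at configure time (not visible in this hunk), the socket unit would still be installed and the first connection would fail on a missing `ExecStart` binary. Consider guarding both entries with the same automake conditional that controls building the responder, and add a short comment such as `# socket-activated secrets responder; unit templates in src/sysv/systemd/`. The `if HAVE_SYSTEMD_UNIT` block continues outside the hunk.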
@@ -3911,6 +3914,7 @@ edit_cmd = $(SED) \
-e 's|@sbindir[@]|$(sbindir)|g' \
-e 's|@environment_file[@]|$(environment_file)|g' \
-e 's|@localstatedir[@]|$(localstatedir)|g' \
+ -e 's|@libexecdir[@]|$(libexecdir)|g' \
-e 's|@prefix[@]|$(prefix)|g'
replace_script = \
@@ -3922,7 +3926,10 @@ replace_script = \
EXTRA_DIST += \
src/sysv/systemd/sssd.service.in \
- src/sysv/systemd/journal.conf.in
+ src/sysv/systemd/journal.conf.in \
+ src/sysv/systemd/sssd-secrets.socket.in \
+ src/sysv/systemd/sssd-secrets.service.in \
+ $(NULL)
src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
@$(MKDIR_P) src/sysv/systemd/
@@ -3932,6 +3939,14 @@ src/sysv/systemd/journal.conf: src/sysv/systemd/journal.conf.in Makefile
@$(MKDIR_P) src/sysv/systemd/
$(replace_script)
+src/sysv/systemd/sssd-secrets.socket: src/sysv/systemd/sssd-secrets.socket.in Makefile
+ @$(MKDIR_P) src/sysv/systemd/
+ $(replace_script)
+
+src/sysv/systemd/sssd-secrets.service: src/sysv/systemd/sssd-secrets.service.in Makefile
+ @$(MKDIR_P) src/sysv/systemd/
+ $(replace_script)
+
SSSD_USER_DIRS = \
$(DESTDIR)$(dbpath) \
$(DESTDIR)$(keytabdir) \
@@ -4147,6 +4162,8 @@ endif
done;
rm -Rf ldb_mod_test_dir
rm -f $(builddir)/src/sysv/systemd/sssd.service
+ rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
+ rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
rm -f $(builddir)/src/sysv/systemd/journal.conf
CLEANFILES += *.X */*.X */*/*.X
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 226dedf3b..24af8d518 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -747,6 +747,8 @@ done
%{_sbindir}/sssd
%if (0%{?use_systemd} == 1)
%{_unitdir}/sssd.service
+%{_unitdir}/sssd-secrets.socket
+%{_unitdir}/sssd-secrets.service
%else
%{_initrddir}/%{name}
%endif
@@ -1079,12 +1081,16 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
# systemd
%post common
%systemd_post sssd.service
+%systemd_post sssd-secrets.socket
%preun common
%systemd_preun sssd.service
+%systemd_preun sssd-secrets.socket
%postun common
%systemd_postun_with_restart sssd.service
+%systemd_postun_with_restart sssd-secrets.socket
+%systemd_postun_with_restart sssd-secrets.service
%else
# sysv
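Review bot: `%preun common` lists only `sssd-secrets.socket`, while `%postun common` handles both the socket and the service, so on package removal an already running socket-activated `sssd-secrets.service` would likely be left running, and per the unit file in this commit that process runs as root. Adding `%systemd_preun sssd-secrets.service` after the socket line keeps the three scriptlets symmetric. Separately, `%systemd_post` applies the distribution preset rather than enabling the unit unconditionally, so whether the socket is listening after install depends on preset policy; a comment above the new `%systemd_post` line saying so would help packagers. The surrounding `%if` block starts outside the hunk.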
diff --git a/src/sysv/systemd/sssd-secrets.service.in b/src/sysv/systemd/sssd-secrets.service.in
new file mode 100644
index 000000000..119c9bb4b
--- /dev/null
+++ b/src/sysv/systemd/sssd-secrets.service.in
@@ -0,0 +1,8 @@
+[Unit]
+Description=SSSD Secrets Service responder
+
+[Install]
+Also=sssd-secrets.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_secrets --uid 0 --gid 0 --debug-to-files
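Review bot: The `[Service]` section starts the responder as root (`--uid 0 --gid 0`) with no explanation in the unit and no sandboxing directives, so a process that serves local client requests runs with full root privileges. The rationale exists only in the commit message; record it in the file, for example `# Runs as root for now: the responder has not been tested as non-root`. Once checked against what the responder needs at run time, directives such as `NoNewPrivileges=yes` and `PrivateTmp=yes` would narrow the exposure at little cost; both need testing, since the responder's file and exec behaviour is not visible here.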
diff --git a/src/sysv/systemd/sssd-secrets.socket.in b/src/sysv/systemd/sssd-secrets.socket.in
new file mode 100644
index 000000000..682e8f6e0
--- /dev/null
+++ b/src/sysv/systemd/sssd-secrets.socket.in
@@ -0,0 +1,8 @@
+[Unit]
+Description=SSSD Secrets Service responder socket
+
+[Socket]
+ListenStream=@localstatedir@/run/secrets.socket
+
+[Install]
+WantedBy=sockets.target
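Review bot: `ListenStream=` is declared without `SocketMode=`, `SocketUser=` or `SocketGroup=`, so the socket gets systemd's default mode of 0666 and any local user can connect to a responder that runs as root. If that is intended (the responder presumably authorizes callers by peer credentials, which is not visible here), state it explicitly with `SocketMode=0666` preceded by `# World-connectable by design; access control is enforced by sssd_secrets per peer uid`. If it is not intended, restrict the mode and owner here instead. A comment noting that this path must match the socket path compiled into the responder and its clients would also help, since the two cannot be checked against each other from this file.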