diff options
| author | Sumit Bose <sbose@redhat.com> | 2015-10-30 16:29:31 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-11-20 14:56:34 +0100 |
| commit | 3be9e26dcd169d44ae105f1b8a0674464c700b77 (patch) | |
| tree | 5b7a6c35bd3a9b2b1e2dbf104fb6e60e69fafd50 /configure.ac | |
| parent | aedc71fe8360a51785933523f14bb5c4e7e2c38b (diff) | |
| download | sssd-3be9e26dcd169d44ae105f1b8a0674464c700b77.tar.gz sssd-3be9e26dcd169d44ae105f1b8a0674464c700b77.tar.xz sssd-3be9e26dcd169d44ae105f1b8a0674464c700b77.zip | |
p11: allow p11_child to run completely unprivileged
To only operation of p11_child which requires special privileges is the
communication to pcscd which handles the Smartcard access. pcscd uses
policy-kit for access control so access can easily be configured by
dropping config snippets into the right directory.
If SSSD is configured to run as un-privileged user this patch creates
the needed config snippet for policy-kit and installs it in a suitable
directory. As a result p11_child does not have to be installed with
SETUID or SETGID bits set.
Resolves https://fedorahosted.org/sssd/ticket/2755 by making it obsolete
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 3fe824224..f7254c096 100644 --- a/configure.ac +++ b/configure.ac @@ -432,6 +432,7 @@ my_srcdir=`readlink -f $srcdir` AC_DEFINE_UNQUOTED([ABS_SRC_DIR], ["$my_srcdir"], [Absolute path to the source directory]) AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config + contrib/sssd-pcsc.rules src/sysv/sssd src/sysv/gentoo/sssd src/sysv/SUSE/sssd po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile src/tests/intg/Makefile |