diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-20 23:16:40 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-05 19:55:09 +0100 |
| commit | f3a25949de81f80c136bb073e4a8f504b080c20c (patch) | |
| tree | 69523a939b65b371d7a95e16d1f69e237c77f048 /contrib | |
| parent | 77b13371c87702aee3f858f6b2b73826cf5a01bd (diff) | |
| download | sssd-f3a25949de81f80c136bb073e4a8f504b080c20c.tar.gz sssd-f3a25949de81f80c136bb073e4a8f504b080c20c.tar.xz sssd-f3a25949de81f80c136bb073e4a8f504b080c20c.zip | |
IPA: Move setting the SELinux context to a child process
In order for the sssd_be process to run as unprivileged user, we need to
move the semanage processing to a process that runs as the root user
using setuid privileges.
Reviewed-by: Michal Židek <mzidek@redhat.com>
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/sssd.spec.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index d2e6cec26..5bfb16707 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -665,6 +665,7 @@ rm -rf $RPM_BUILD_ROOT %doc COPYING %attr(755,root,root) %dir %{pubconfpath}/krb5.include.d %{_libdir}/%{name}/libsss_ipa.so +%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/selinux_child %{_mandir}/man5/sssd-ipa.5* %files ad -f sssd_ad.lang |