[PATCH] Move settig the SELinux context into a privileged child process
by Jakub Hrozek
Hi,
this patchset moves setting the SELinux context from the sssd_be process
to a privileges child process in preparation for making the sssd_be process
running as the sssd user.
The first two patches just reduce code duplication between the child
processes we already have, the last one implements setting the context.
Please note that the Fedora and RHEL SELinux policy must be tweaked, so
currently the patches must be tested with SELinux set to Permissive.
Additionally, I wasn't able to run Coverity scan on these patches, because
our Coverity server was returning errors again for me. I'll run the tests
later, or, if the reviewer would find any issues, I'll be happy to fix them.
9 years, 5 months
[PATCH] Back end patches for running SSSD as a non-root user
by Jakub Hrozek
Hi,
I'll send patches that help SSSD run as a non-root user to this thread.
I'm still chasing some bugs in the krb5_child changes, but the attached
patches are ready for review.
If other developers don't like the idea of a Python-based unit test that
spawns a KDC, I'm equally fine with keeping those patches in my tree --
they served their purpose, after all.
9 years, 5 months
[PATCHES] Views: apply user SSH public key override
by Sumit Bose
Hi,
this series of patches add support for SSH public key overrides. The
main part is in patch 004. The others mainly enhance the exiting
functions with respect to multi-values and variable attribute lists.
In contrast to other overrides the SSH public keys from the override
attributes do not override any existing ones but are added to the
existing ones. Please tell me if you think this is not a good idea so
that I can change it.
bye,
Sumit
9 years, 5 months