On Wed, Sep 28, 2016 at 10:54:47AM +0200, Fabiano Fidêncio wrote:
On Wed, Sep 28, 2016 at 10:32 AM, jhrozek
> URL: https://github.com/SSSD/sssd/pull/32
> Title: #32: Requesting a pull to SSSD:master from fidencio:wip/#3138
> jhrozek commented:
> Hi, thank you for working on this. I think there are two "architectural"
questions we should answer.
> 1) Lukas raised the suggestion of using PreExec with `sssd --genconf` on #sssd on
IRC. Did you explore this or did you not like this solution because of race-conditions?
I do believe it may work, but I would have to adapt sssd --genconf
logic, in order to avoid race-conditions.Shall I go for it?
I was thinking about waiting a little bit before doing any changes to
let people raise their questions/comments so I won't spend one week on
something that's not going to be used at all.
There are still the suggestions/questions raised by Pavel in the bug
report, where Dmitri jumped in as well, that just makes me think that
people are not in sync about the confdb itself and any kind of effort
on this area must have some agreement beforehand.
What do you think about this?
> 2) If we don't use `sssd --genconf`, I wonder if it would be actually better to
add the new socket to the monitor process rather than a new service (sorry, I realize it
was me who lead you down this path of adding a new service...I only remembered this idea
now once @simo5 mentioned it on IRC). IMO this would have one advantage which is that the
sssd process is already permitted by SELinux to read sssd.conf and write to confdb. And
long-term we wanted to make the sssd process only initialize sssd and then exit since the
services would (in the ideal case of a modern Linux system) self-monitor themselves.
I really don't know what's the best approach and I completely opened
Could you reply to the github PR, please?
(This reminds me to implement Sumit's suggestion to note that replying
to the github notification e-mails doesn't reach github unless you reply
to the message from github..)