URL: https://github.com/SSSD/sssd/pull/688 Author: stanislavlevin Title: #688: Allow non-privileged sssd user connect to private dbus Action: opened
PR body: """ During startup SSSD monitor launches the children and stands on a private dbus to waiting for a reply from them. But by default dbus auth rules connection is allowed if the client is root or has the same UID or anonymous is allowed. The forked children drop their root privileges in favor of non-privileged user (e.g sssd). In such a case there is no access to the monitor dbus connection to say: "Hey, i'm here.". Thus, sssd service becomes failed.
This patch changes the default dbus authorization rules for a private connections to allow incomings from root or sssd user.
Fixes: https://pagure.io/SSSD/sssd/issue/3871 """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/688/head:pr688 git checkout pr688
URL: https://github.com/SSSD/sssd/pull/688 Title: #688: Allow non-privileged sssd user connect to private dbus
centos-ci commented: """ Can one of the admins verify this patch? """
See the full comment at https://github.com/SSSD/sssd/pull/688#issuecomment-434979485
URL: https://github.com/SSSD/sssd/pull/688 Title: #688: Allow non-privileged sssd user connect to private dbus
stanislavlevin commented: """ We have faced with this issue during an upgrade SSSD from 1.x to 2.x. Please, review. If it is an appropriate way to fix, I can add tests if needed. """
See the full comment at https://github.com/SSSD/sssd/pull/688#issuecomment-434980371
URL: https://github.com/SSSD/sssd/pull/688 Title: #688: Allow non-privileged sssd user connect to private dbus
pbrezina commented: """ Thank you for your contribution, there is another pull request from yesterday: https://github.com/SSSD/sssd/pull/687
It does pretty much the same thing, however it is less intrusive so I am closing this one. """
See the full comment at https://github.com/SSSD/sssd/pull/688#issuecomment-434981919
URL: https://github.com/SSSD/sssd/pull/688 Author: stanislavlevin Title: #688: Allow non-privileged sssd user connect to private dbus Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/688/head:pr688 git checkout pr688
sssd-devel@lists.fedorahosted.org