087162b SERVER: Set the process group during server_setup()

2 files Authored by fidencio 7 years ago, Committed by lslebodn 7 years ago,
    SERVER: Set the process group during server_setup()
    
    By calling setpgid() in server_setup() we are able to kill the process
    in the watchdog by simply doing kill(-getpid(), SIGTERM).
    
    However, in order to have it working properly the SELinux policy for
    SSSD has to be updated and unless SSSD is ran with SELinux on permissive
    mode, each of the responders and the monitor will trigger a similar
    message:
    
        Jan 09 14:31:50 client1.ipa.example audit[11630]: AVC avc:  denied
        { setpgid } for  pid=11630 comm="sssd_pac"
        scontext=system_u:system_r:sssd_t:s0
        tcontext=system_u:system_r:sssd_t:s0 tclass=process permissive=0
    
    It's important to say that till SELinux policy is fixed, we might end up
    leaking some processes.
    
    Related:
    https://fedorahosted.org/sssd/ticket/3266
    
    Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
    
        
file modified
+3 -3
file modified
+11 -0