SSSD / sssd

Clone

3be9e26 p11: allow p11_child to run completely unprivileged

5 files Authored by sbose 8 years ago, Committed by jhrozek 8 years ago,
raw patch tree parent
5 files changed. 38 lines added. 26 lines removed.
Makefile.am
file modified
+4 -4
configure.ac
file modified
+1 -0
contrib/sssd-pcsc.rules.in
file added
+15
contrib/sssd.spec.in
file modified
+12 -1
src/p11_child/p11_child_nss.c
file modified
+6 -21 
    p11: allow p11_child to run completely unprivileged
    
    To only operation of p11_child which requires special privileges is the
    communication to pcscd which handles the Smartcard access. pcscd uses
    policy-kit for access control so access can easily be configured by
    dropping config snippets into the right directory.
    
    If SSSD is configured to run as un-privileged user this patch creates
    the needed config snippet for policy-kit and installs it in a suitable
    directory. As a result p11_child does not have to be installed with
    SETUID or SETGID bits set.
    
    Resolves https://fedorahosted.org/sssd/ticket/2755 by making it obsolete
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
file modified
+4 -4
file modified
+1 -0
file added
+15
file modified
+12 -1
file modified
+6 -21
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.