69bd842 BUILD: Allow to read private pipes for root

Authored and Committed by lslebodn 7 years ago
    BUILD: Allow to read private pipes for root
    
    Root can read anything from any directory even with permissions 000.
    
    However SELinux checks discretionary access control (DAC)
    and denies access if access is not allowed for root by DAC.
    The pam_sss uses a different unix socket /var/lib/sss/pipes/private/pam
    for the user with uid 0. Therefore root needs to be able to read the content
    of the directory with private pipes.
    
    type=AVC msg=audit(08/19/2016 10:58:34.081:3369) : avc:  denied
      { dac_read_search } for  pid=20257 comm=vsftpd capability=dac_read_search
      scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023
      tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=capability
    
    type=AVC msg=audit(08/19/2016 10:58:34.081:3369) : avc:  denied
      { dac_override } for  pid=20257 comm=vsftpd capability=dac_override
      scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023
      tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=capability
    
    Resolves:
    https://fedorahosted.org/sssd/ticket/3143
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    (cherry picked from commit f49724cd6b3e0e3274302c3d475e93f7a7094f40)
    
        
file modified
+4 -4
file modified
+1 -1
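The check the commit message relies on, as an added example that is not part of the commit or the SSSD sources: it works out from a directory's mode bits and ownership whether uid 0 passes DAC on its own or would have to fall back on the `dac_read_search` / `dac_override` capabilities seen in the AVC denials. The function names, the service uid/gid 990 and the sample modes are assumptions; POSIX ACLs are ignored.

```python
import os
import stat

def dac_class_bits(mode, owner_uid, owner_gid, uid=0, gids=(0,)):
    """Return the rwx bits DAC applies to the caller.

    Exactly one class is consulted: owner if the uid matches, otherwise
    group if the caller is a member, otherwise other.
    Assumption: plain mode bits only, no POSIX ACLs.
    """
    perm = stat.S_IMODE(mode)
    if uid == owner_uid:
        return (perm >> 6) & 0o7
    if owner_gid in gids:
        return (perm >> 3) & 0o7
    return perm & 0o7

def missing_dir_access(mode, owner_uid, owner_gid, uid=0, gids=(0,)):
    """List what DAC alone refuses when reading a directory's content."""
    bits = dac_class_bits(mode, owner_uid, owner_gid, uid, gids)
    missing = []
    if not bits & 0o4:
        missing.append("read")    # listing the directory
    if not bits & 0o1:
        missing.append("search")  # reaching an entry such as a socket
    return missing

def needs_capability(mode, owner_uid, owner_gid):
    """True if uid 0 (gid 0) can only get in via a DAC-bypass capability."""
    return bool(missing_dir_access(mode, owner_uid, owner_gid))

def check_path(path):
    """Apply the same check to a real directory on this host."""
    st = os.stat(path)
    return missing_dir_access(st.st_mode, st.st_uid, st.st_gid)

if __name__ == "__main__":
    # Constructed cases; uid/gid 990 stands in for a service account.
    cases = [
        ("service-owned, 0700", 0o700, 990, 990),
        ("service-owned, group root, 0750", 0o750, 990, 0),
        ("root-owned, 0700", 0o700, 0, 0),
        ("root-owned, 0000", 0o000, 0, 0),
    ]
    for label, mode, uid, gid in cases:
        lacking = missing_dir_access(mode, uid, gid)
        verdict = "needs capability for " + "+".join(lacking) if lacking else "DAC allows root"
        print(f"{label:35} {verdict}")
```

A confined domain that lacks those capabilities in policy is denied in every case where `needs_capability` returns true, so giving root the needed bits through ownership or group membership avoids the denial without widening the policy.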