#2563 Need to set different umask in selinux_child
Closed: Fixed None Opened 7 years ago by jhrozek.

libsemanage calls mkdir() and then requires that the directory is created with permissions 0700. That doesn't work well for programs like sssd that set umask to a very restrictive value (like 177).

I consider this a bug in libsemanage, since they require custom permissions, they should set a sensible umask themselves, but we need to work around it for the short term.

Fields changed

owner: somebody => jhrozek
priority: major => blocker

This ticket was requested by a downstream. I'm bypassing the triage and moving to 1.12.4

milestone: NEEDS_TRIAGE => SSSD 1.12.4
patch: 0 => 1

resolution: => fixed
status: new => closed

Fields changed

changelog: => Setting the SELinux label for a user works correctly again and the selinux_child process no longer errors out with a "Permission Denied" error.

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.4

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3605

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.