#2563 Need to set different umask in selinux_child
Closed: Fixed None Opened 4 years ago by jhrozek.

libsemanage calls mkdir() and then requires that the directory is created with permissions 0700. That doesn't work well for programs like sssd that set umask to a very restrictive value (like 177).

I consider this a bug in libsemanage: since they require custom permissions, they should set a sensible umask themselves. But we need to work around it for the short term.
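
The permission arithmetic behind this ticket, as an added example (not SSSD or libsemanage code): `mkdir()` asking for 0700 under umask 0177 yields 0600, while umask 0077 yields the required 0700. The helper names and the `/tmp` scratch path are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* mkdir() under a temporary umask, restoring the caller's umask afterwards.
 * umask is process-wide, so this belongs in a single-threaded helper. */
static int mkdir_scoped_umask(const char *path, mode_t mode, mode_t mask)
{
    mode_t old = umask(mask);
    int ret = mkdir(path, mode);
    umask(old);
    return ret;
}

/* Request 0700, as the ticket says libsemanage does, while `mask` is in
 * effect. Returns the permission bits the directory really got, or -1. */
static int resulting_mode(mode_t mask)
{
    char path[64];
    struct stat st;
    int bits = -1;

    /* Constructed scratch name; mkdir() fails if it already exists. */
    snprintf(path, sizeof(path), "/tmp/umask_demo_%ld", (long)getpid());
    if (mkdir_scoped_umask(path, 0700, mask) != 0)
        return -1;
    if (stat(path, &st) == 0)
        bits = (int)(st.st_mode & 0777);
    rmdir(path);
    return bits;
}

int main(void)
{
    /* 0700 & ~0177 = 0600: the owner's search (x) bit is stripped. */
    printf("umask 0177 -> %04o\n", (unsigned)resulting_mode(0177));
    /* 0700 & ~0077 = 0700: the mode the caller expects. */
    printf("umask 0077 -> %04o\n", (unsigned)resulting_mode(0077));
    return 0;
}
```

Because the umask is a per-process attribute, changing it inside a dedicated child process leaves the restrictive umask of the parent daemon untouched.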


Fields changed

owner: somebody => jhrozek
priority: major => blocker

This ticket was requested by a downstream. I'm bypassing the triage and moving to 1.12.4.

milestone: NEEDS_TRIAGE => SSSD 1.12.4
patch: 0 => 1

resolution: => fixed
status: new => closed

Fields changed

changelog: => Setting the SELinux label for a user works correctly again and the selinux_child process no longer errors out with a "Permission Denied" error.

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.4

2 years ago
