[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes fidencio commented: """ On Wed, Mar 15, 2017 at 4:17 PM, lslebodn wrote: > BTW feel free to fix TOCTOU in different PR > Sure thing. I'll open an issue and fix the problem in a different PR. > — > You are r

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes lslebodn commented: """ BTW feel free to fix TOCTOU in different PR """ See the full comment at https://github.com/SSSD/sssd/pull/183#issuecomment-286774565 ___ sssd

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes lslebodn commented: """ master: * ecaf0bb271812c3af3e5916f14da0e37d26994d2 * e19327b3b06e723e5162f0c91cb77ba254bb3dc7 * b7430c4f4b98efe08d9d13d202fbb76229628b30 LS """ See the full comment at https://github

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes lslebodn commented: """ ACK """ See the full comment at https://github.com/SSSD/sssd/pull/183#issuecomment-286767772 ___ sssd-devel mailing list -- sssd-devel@lists.

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes fidencio commented: """ @lslebodn: Patch set updated according to your comments. """ See the full comment at https://github.com/SSSD/sssd/pull/183#issuecomment-286740540 ___

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes lslebodn commented: """ I would prefer to remove `open_and_fchown_debug_file` from the last patch. it requires more testing and root can write to any file. It will simplify testing. and `open_and_fchown_debug_f

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes fidencio commented: """ @lslebodn: As far as I understand from @sgallagher comments ... he would like to avoid having a dependency in the sssd-nss.service. Anyways, I've asked him on IRC and he said it's "okay

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes lslebodn commented: """ On (10/03/17 09:45), fidencio wrote: >On Fri, Mar 10, 2017 at 5:54 PM, lslebodn wrote: >> On (10/03/17 05:50), fidencio wrote: >> >@sgallah, @lslebodn >> > >> >On Fri, Mar 10, 2017 at 2:

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes fidencio commented: """ On Fri, Mar 10, 2017 at 5:54 PM, lslebodn wrote: > On (10/03/17 05:50), fidencio wrote: > >@sgallah, @lslebodn > > > >On Fri, Mar 10, 2017 at 2:22 PM, Stephen Gallagher < > notificati..

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes lslebodn commented: """ On (10/03/17 05:57), Jakub Hrozek wrote: >On Fri, Mar 10, 2017 at 05:50:58AM -0800, fidencio wrote: >> @sgallah, @lslebodn >> >> On Fri, Mar 10, 2017 at 2:22 PM, Stephen Gallagher > > wr

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes lslebodn commented: """ On (10/03/17 05:50), fidencio wrote: >@sgallah, @lslebodn > >On Fri, Mar 10, 2017 at 2:22 PM, Stephen Gallagher > wrote: > >> @lslebodn >> >> @sgallagher

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes jhrozek commented: """ On Fri, Mar 10, 2017 at 05:50:58AM -0800, fidencio wrote: > @sgallah, @lslebodn > > On Fri, Mar 10, 2017 at 2:22 PM, Stephen Gallagher > wrote: > > > @lslebodn

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes fidencio commented: """ @sgallah, @lslebodn On Fri, Mar 10, 2017 at 2:22 PM, Stephen Gallagher wrote: > @lslebodn > > @sgallagher The purpose of c

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes fidencio commented: """ @sgallah, @lslebodn On Fri, Mar 10, 2017 at 2:22 PM, Stephen Gallagher wrote: > @lslebodn > > @sgallagher The purpose of c

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes sgallagher commented: """ @lslebodn > @sgallagher The purpose of calling chown in ExecStartPre is to allow starting > responders as non-privileged from beginning. Systemd drops permissions before > exec. Ye

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes lslebodn commented: """ NACK to removing non-privileged user from all services. Ticket https://pagure.io/SSSD/sssd/issue/3322 is only about sssd-nss.service We might use numeric values `/bin/chown 0:0` in sssd-n

[SSSD] [sssd PR#183][comment] More socket-activation fixes

URL: https://github.com/SSSD/sssd/pull/183 Title: #183: More socket-activation fixes fidencio commented: """ Patch set has been updated. Please, take a look on the commit messages for a good explanation (mainly for the "Avoid TOCTOU vulnerability with the log files" patch). """ See the full c