On (23/06/16 11:03), Lukas Slebodnik wrote:
>On (20/06/16 21:09), Jakub Hrozek wrote:
>>On Mon, Jun 20, 2016 at 08:54:18PM +0200, Lukas Slebodnik wrote:
>>> ehlo,
>>> 
>>> Attached is a slightly modified version of Michal's patch.
>>
>>The same patch is attached twice. Was it by accident or did you mean to
>>send two patches?
>>
>>> I fixed a few coding style issues + added missing creation of directory
>>> + spec file change.
>>
>>You should have sent fixups to get credit, but meh :) Thanks for doing
>>the work nonetheless.
>>
>>> 
>>> You might notice that Michal removed detection of sssd.conf modified time.
>>> It is because mtime could be obtained from sssd.conf before parsing.
>>> However, snippets files are open after parsing sssd.conf and mtime
>>> of snippet files is ignored in the process.
>>> 
>>> We have a few options.
>>> * check mtime directly in sssd
>>> * add new function to libini_config to get latest mtime before parsing
>>>   (max_mtime(main.conf + allowed snippet files))
>>>   // it's little bit a complication for user of libini_config
>>>   // because user will need to paste regex for allowed snippets twice
>>>   // 1st time in new function for checking mtime and 2nd time in function
>>>   // ini_config_augment
>>> * modify libini_config to set max mtime while parsing snippet files
>>>   // but we will need to parse files anyway. So I'm not sure what will be
>>>   // benefit of checking mtime after parsing.
>>> * last option is to ignore mtime. (Michal's current version)
>>>   // and remove FIXME :-)
>>
>>Is there actually any downside to /always/ reading the config file and
>>always creating the confdb from scratch? I would say that sssd restarts
>>are a rare operation and the parsing and writes are not too big to slow
>>down the startup significantly.
>>
>>I think the whole mtime logic was there only to allow online config
>>changes, which is something we tried in the past, but could never code
>>it up properly.
>>
>>
>>> 
>>> The main purpose of this mail is to decide whether we want a change in
>>> ding-libs or not.
>>> 
>>> BTW. We cannot change directory for snippet files from command line.
>>> Do we want such feature?
>>> [root@graviton ~]# /usr/sbin/sssd --help
>>> Usage: sssd [OPTION...]
>>>   -d, --debug-level=INT            Debug level
>>>   -f, --debug-to-files             Send the debug output to files instead of
>>>                                    stderr
>>>       --debug-timestamps=INT       Add debug timestamps
>>>       --debug-microseconds=INT     Show timestamps with microseconds
>>>   -D, --daemon                     Become a daemon (default)
>>>   -i, --interactive                Run interactive (not a daemon)
>>>   -c, --config=STRING              Specify a non-default config file
>>
>>Can you think of any use for this option? There can be only one sssd on
>>the system, so I actually wonder if we can remove it..
>>
>>>       --version                    Print version number and exit
>>> 
>>> Help options:
>>>   -?, --help                       Show this help message
>>>       --usage                      Display brief usage message
>>> 
>>> LS
>>
>
>Updated patch is attached which fixes compilation with libini_config 1.1 (el6)
>Config snippets will not be available there
>

BTW do not forget that SELinux might deny access to conf.d

type=AVC msg=audit(06/23/2016 10:44:57.486:910) : avc:  denied  { read } for
pid=27671 comm=sssd name=conf.d dev="dm-1" ino=1871243
scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0
tclass=dir permissive=0

LS
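
The AVC record quoted in the message above can be read mechanically. The following is an added example, not part of the original mail or of the sssd code base: it parses the record as mailed (wrapped over several lines) and reports which domain was denied which permission on which object class, together with the type-enforcement rule the record implies. The function names `parse_avc`, `selinux_type` and `summarize` are hypothetical, and the rule is only what the record describes, not a statement of how the policy was changed.

```python
import re

# The denial quoted in the message above, line-wrapped as it was mailed.
SAMPLE = """\
type=AVC msg=audit(06/23/2016 10:44:57.486:910) : avc:  denied  { read } for
pid=27671 comm=sssd name=conf.d dev="dm-1" ino=1871243
scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0
tclass=dir permissive=0
"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")


def parse_avc(text):
    """Parse one (possibly line-wrapped) AVC record into a dict, or None."""
    record = " ".join(text.split())  # undo mail line wrapping
    m = AVC_RE.search(record)
    if m is None:
        return None
    fields = {"result": m.group(1), "perms": m.group(2).split()}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3)):
        fields[key] = value.strip('"')
    return fields


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % context)
    return parts[2]


def summarize(fields):
    """Describe the denial and the TE rule that would cover it."""
    src = selinux_type(fields["scontext"])
    tgt = selinux_type(fields["tcontext"])
    perms = fields["perms"]
    perm_set = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
    return {
        "enforced": fields.get("permissive") == "0",
        "rule": "allow %s %s:%s %s;" % (src, tgt, fields["tclass"], perm_set),
        "object": fields.get("name"),
    }


if __name__ == "__main__":
    print(summarize(parse_avc(SAMPLE)))
```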