On (23/06/16 11:03), Lukas Slebodnik wrote:
>On (20/06/16 21:09), Jakub Hrozek wrote:
>>On Mon, Jun 20, 2016 at 08:54:18PM +0200, Lukas Slebodnik wrote:
>>> ehlo,
>>>
>>> Attached is a slightly modified version of Michal's patch.
>>
>>The same patch is attached twice. Was it by accident or did you mean to
>>send two patches?
>>
>>> I fixed a few coding style issues + added missing creation of directory
>>> + spec file change.
>>
>>You should have sent fixups to get credit, but meh :) Thanks for doing
>>the work nonetheless.
>>
>>>
>>> You might notice that Michal removed detection of sssd.conf modified time.
>>> It is because mtime could be obtained from sssd.conf before parsing.
>>> However, snippet files are opened after parsing sssd.conf and mtime
>>> of snippet files is ignored in the process.
>>>
>>> We have a few options.
>>> * check mtime directly in sssd
>>> * add new function to libini_config to get latest mtime before parsing
>>>   (max_mtime(main.conf + allowed snippet files)
>>>   // it's a little bit of a complication for the user of libini_config
>>>   // because the user will need to paste the regex for allowed snippets twice
>>>   // 1st time in new function for checking mtime and 2nd time in function
>>>   // ini_config_augment
>>> * modify libini_config to set max mtime while parsing snippet files
>>>   // but we will need to parse files anyway. So I'm not sure what will be
>>>   // the benefit of checking mtime after parsing.
>>> * last option is to ignore mtime. (Michal's current version)
>>>   // and remove FIXME :-)
>>
>>Is there actually any downside to /always/ reading the config file and
>>always creating the confdb from scratch? I would say that sssd restarts
>>are a rare operation and the parsing and writes are not too big to slow
>>down the startup significantly.
>>
>>I think the whole mtime logic was there only to allow online config
>>changes, which is something we tried in the past, but could never code
>>it up properly.
>>
>>
>>>
>>> The main purpose of this mail is to decide whether we want a change in
>>> ding-libs
>>> or not.
>>>
>>> BTW. We cannot change directory for snippet files from command line.
>>> Do we want such a feature?
>>> [root@graviton ~]# /usr/sbin/sssd --help
>>> Usage: sssd [OPTION...]
>>>   -d, --debug-level=INT         Debug level
>>>   -f, --debug-to-files          Send the debug output to files instead of
>>>                                 stderr
>>>       --debug-timestamps=INT    Add debug timestamps
>>>       --debug-microseconds=INT  Show timestamps with microseconds
>>>   -D, --daemon                  Become a daemon (default)
>>>   -i, --interactive             Run interactive (not a daemon)
>>>   -c, --config=STRING           Specify a non-default config file
>>
>>Can you think of any use for this option? There can be only one sssd on
>>the system, so I actually wonder if we can remove it..
>>
>>>       --version                 Print version number and exit
>>>
>>> Help options:
>>>   -?, --help                    Show this help message
>>>       --usage                   Display brief usage message
>>>
>>> LS
>>
>
>Updated patch is attached which fixes compilation with libini_config 1.1 (el6)
>Config snippets will not be available there
>
BTW do not forget that SELinux might deny access to conf.d

type=AVC msg=audit(06/23/2016 10:44:57.486:910) : avc: denied { read } for pid=27671 comm=sssd name=conf.d dev="dm-1" ino=1871243 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=dir permissive=0

LS
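
Added example (not from the thread, the patch or libini_config): the second option quoted above, the latest mtime over the main config plus the allowed snippet files, written in C. `max_config_mtime()` and the regex a caller passes to it are assumptions; a snippet directory that cannot be read, as in the AVC denial above, comes back as an errno value instead of being silently skipped.

```c
/* Added example, not SSSD or libini_config code: max_config_mtime() is a
 * hypothetical helper. It stores the newest mtime of main_conf and of the
 * regular files in snippet_dir whose names match allow_regex, and returns
 * 0 or an errno value. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <limits.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <time.h>

int max_config_mtime(const char *main_conf, const char *snippet_dir,
                     const char *allow_regex, time_t *out)
{
    struct stat st;
    struct dirent *de;
    regex_t re;
    char path[PATH_MAX];
    int ret = 0;
    if (stat(main_conf, &st) != 0) return errno;
    *out = st.st_mtime;
    /* A missing snippet directory is fine; any other failure, such as
     * EACCES when SELinux denies read on the directory, is reported. */
    DIR *dir = opendir(snippet_dir);
    if (dir == NULL) return (errno == ENOENT) ? 0 : errno;
    if (regcomp(&re, allow_regex, REG_EXTENDED | REG_NOSUB) != 0) { closedir(dir); return EINVAL; }
    while ((de = readdir(dir)) != NULL) {
        if (regexec(&re, de->d_name, 0, NULL, 0) != 0) continue; /* not allowed */
        int n = snprintf(path, sizeof(path), "%s/%s", snippet_dir, de->d_name);
        if (n < 0 || (size_t)n >= sizeof(path)) { ret = ENAMETOOLONG; break; }
        if (stat(path, &st) != 0) { ret = errno; break; }
        if (S_ISREG(st.st_mode) && st.st_mtime > *out) *out = st.st_mtime;
    }
    closedir(dir);
    regfree(&re);
    return ret;
}

int main(int argc, char **argv)
{
    time_t newest;
    if (argc != 4) return EXIT_FAILURE; /* usage: prog CONF SNIPPET_DIR REGEX */
    if (max_config_mtime(argv[1], argv[2], argv[3], &newest) != 0) return EXIT_FAILURE;
    printf("newest mtime: %lld\n", (long long)newest);
    return EXIT_SUCCESS;
}
```

The caller still has to pass the same allow-list regex here and to `ini_config_augment`, which is the duplication the thread points out for this option.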