Skip to content

Commit

Permalink
Stop the sssd.service from changing the /etc/sssd symlink in Fedora 4…
Browse files Browse the repository at this point in the history 
…1 as well.

Addressing
C /etc/sssd

Related to SSSD/sssd#7781.

(cherry picked from commit ddc61c6)
  • Loading branch information
@adelton
adelton committed Dec 28, 2024
1 parent ab47f5a commit 5daf654
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions Dockerfile.fedora-41
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ RUN mkdir /usr/lib/systemd/system/sssd.service.d
# Workaround https://bugzilla.redhat.com/show_bug.cgi?id=2334087
RUN ( echo '[Service]' ; sed '/^CapabilityBoundingSet=/!d; s/CAP_DAC_READ_SEARCH/& CAP_DAC_OVERRIDE/' /usr/lib/systemd/system/sssd.service ) > /usr/lib/systemd/system/sssd.service.d/capabilities.conf
RUN setcap cap_dac_override+ep /usr/libexec/sssd/ldap_child
# Stop the sssd.service from changing the /etc/sssd symlink
RUN ( echo '[Service]' ; echo 'ExecStartPre=' ; sed '/ExecStartPre/!d; s/-R/-R -H/g' /usr/lib/systemd/system/sssd.service ) > /usr/lib/systemd/system/sssd.service.d/avoid-chown-chmod-on-image.conf

# Container image which runs systemd
# debug: RUN test -f /etc/machine-id && ! test -s /etc/machine-id
Expand Down

0 comments on commit 5daf654

Please sign in to comment.