libselinux uses many access(2) calls and, as Sumit educated me, access uses the real UID, not the effective UID, for the check. Therefore, the setuid selinux_child, which only has an effective UID of root, would fail the check.
Calling setuid(0) seems to also set the real UID; we should do that in the selinux child for the duration of the semanage transaction.
(Why libselinux calls access() instead of gracefully failing open() is a mystery to me... seems like a TOCTOU race, but we need to work around it.)
Fields changed
owner: somebody => jhrozek
priority: major => blocker
status: new => assigned
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1113783 (Red Hat Enterprise Linux 7)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1113783 1113783]
This ticket was requested by a downstream. I'm bypassing the triage and moving to 1.12.4
milestone: NEEDS_TRIAGE => SSSD 1.12.4
patch: 0 => 1
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.4
SSSD is moving from Pagure to GitHub. This means that new issues and pull requests will be accepted only in SSSD's GitHub repository.
This issue has been cloned to GitHub and is available here: https://github.com/SSSD/sssd/issues/3606
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.