Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • v1.14.7
  • v1.14.6
  • v1.14.5
  • v1.14.4
  • v1.14.3
  • v1.14.2
  • v1.14.1
  • v1.14.0
  • v1.13.2
  • v1.13.1
  • v1.13.0
  • v1.12.1
  • v1.12.0
  • v1.11.1
  • v1.11.0
  • v1.10.0
  • v1.9.2
  • v1.9.1
  • v1.9.0
  • v1.8.4
21 results

ansible-freeipa

  • Clone with SSH
  • Clone with HTTPS
    • user avatar
    test container: Add DAC_READ_SEARCH capability
    Rafael Guterres Jeffman authored 
    SSSD 2.10+ runs under non-privileged user 'sssd' and relies on system
capabilities to get access to certain resources like /etc/krb5.keytab.
Not having these capabilities result in SSSD not starting.

Podman has reduced the capabilities granted to containers, and to be
able to start SSSD it is needed to add DAC_READ_SEARCH back.

This patch adds file infra/images/shdefaults to store the defaults used
by ansible-freeipa shell utilities in a contral location.

See:  https://github.com/containers/podman/discussions/24904#discussioncomment-11718823



Signed-off-by: default avatarRafael Guterres Jeffman <rjeffman@redhat.com>
    2d3da2d7
    History
    user avatar 2d3da2d7
    History
    Name Last commit Last update