Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SERVER: Set the process group during server_setup()
By calling setpgid() in server_setup() we are able to kill the process in the watchdog by simply doing kill(-getpid(), SIGTERM). However, in order to have it working properly the SELinux policy for SSSD has to be updated and unless SSSD is ran with SELinux on permissive mode, each of the responders and the monitor will trigger a similar message: Jan 09 14:31:50 client1.ipa.example audit[11630]: AVC avc: denied { setpgid } for pid=11630 comm="sssd_pac" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=process permissive=0 It's important to say that till SELinux policy is fixed, we might end up leaking some processes. Related: https://fedorahosted.org/sssd/ticket/3266 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
- Loading branch information