SYSTEMD: replace 'sssd_check_socket_activated_responders'

with a schell script. All sockets already have ``` After=sssd.service BindsTo=sssd.service ``` - this ensures SSSD was started and running before socket activation. New 'ExecStartPre' condition checks if a responder with the same name is running and, if so, if it runs in the same mnt namespace. The latter is to ignore processes run in a container on the same host. Resolves: #4333 Resolves: #5013
SSSD · Sep 20, 2024 · cceb66a · cceb66a
1 parent 67ba42c
commit cceb66a
Show file tree

Hide file tree

Showing 9 changed files with 6 additions and 175 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -218,9 +218,6 @@ endif
 if BUILD_PAC_RESPONDER
     sssdlibexec_PROGRAMS += sssd_pac
 endif
-if HAVE_SYSTEMD_UNIT
-sssdlibexec_PROGRAMS += sssd_check_socket_activated_responders
-endif
 
 if HAVE_CHECK
     non_interactive_check_based_tests = \
@@ -1999,22 +1996,6 @@ sss_ssh_knownhostsproxy_LDADD = \
     $(CLIENT_LIBS) $(TALLOC_LIBS) $(POPT_LIBS)
 endif
 
-if HAVE_SYSTEMD_UNIT
-sssd_check_socket_activated_responders_SOURCES = \
-    src/tools/sssd_check_socket_activated_responders.c \
-    $(NULL)
-sssd_check_socket_activated_responders_CFLAGS = \
-    $(AM_CFLAGS) \
-    $(NULL)
-sssd_check_socket_activated_responders_LDADD = \
-    $(SSSD_INTERNAL_LTLIBS) \
-    $(LTLIBINTL) \
-    $(TALLOC_LIBS) \
-    $(POPT_LIBS) \
-    $(INI_CONFIG_LIBS) \
-    $(NULL)
-endif
-
 pkgconfig_DATA += src/lib/certmap/sss_certmap.pc
 libsss_certmap_la_DEPENDENCIES = src/lib/certmap/sss_certmap.exports
 libsss_certmap_la_SOURCES = \

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
@@ -800,7 +800,6 @@ install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf
 %{_libexecdir}/%{servicename}/sssd_ssh
 %{_libexecdir}/%{servicename}/sssd_sudo
 %{_libexecdir}/%{servicename}/p11_child
-%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders
 
 %dir %{_libdir}/%{name}
 %if 0%{?rhel} == 9

diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in
@@ -7,7 +7,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 
 [Socket]
-ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r autofs
+ExecStartPre=/bin/sh -c "! (pidof -q sssd_autofs && pidof sssd_autofs | xargs ps -o mntns -p | grep -q `lsns -n -t mnt -o NS -p \\$\\$`)"
 ListenStream=@pipepath@/autofs
 SocketUser=@SSSD_USER@
 SocketGroup=@SSSD_USER@

diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in
@@ -8,7 +8,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 
 [Socket]
-ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r nss
+ExecStartPre=/bin/sh -c "! (pidof -q sssd_nss && pidof sssd_nss | xargs ps -o mntns -p | grep -q `lsns -n -t mnt -o NS -p \\$\\$`)"
 ListenStream=@pipepath@/nss
 @nss_socket_user_group@
 

diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in
@@ -7,7 +7,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 
 [Socket]
-ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r pac
+ExecStartPre=/bin/sh -c "! (pidof -q sssd_pac && pidof sssd_pac | xargs ps -o mntns -p | grep -q `lsns -n -t mnt -o NS -p \\$\\$`)"
 ListenStream=@pipepath@/pac
 SocketUser=@SSSD_USER@
 SocketGroup=@SSSD_USER@

diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in
@@ -7,7 +7,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 
 [Socket]
-ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r pam
+ExecStartPre=/bin/sh -c "! (pidof -q sssd_pam && pidof sssd_pam | xargs ps -o mntns -p | grep -q `lsns -n -t mnt -o NS -p \\$\\$`)"
 ListenStream=@pipepath@/pam
 SocketUser=@SSSD_USER@
 SocketGroup=@SSSD_USER@

diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in
@@ -7,7 +7,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 
 [Socket]
-ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r ssh
+ExecStartPre=/bin/sh -c "! (pidof -q sssd_ssh && pidof sssd_ssh | xargs ps -o mntns -p | grep -q `lsns -n -t mnt -o NS -p \\$\\$`)"
 ListenStream=@pipepath@/ssh
 SocketUser=@SSSD_USER@
 SocketGroup=@SSSD_USER@

diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in
@@ -7,7 +7,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 
 [Socket]
-ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r sudo
+ExecStartPre=/bin/sh -c "! (pidof -q sssd_sudo && pidof sssd_sudo | xargs ps -o mntns -p | grep -q `lsns -n -t mnt -o NS -p \\$\\$`)"
 ListenStream=@pipepath@/sudo
 SocketUser=@SSSD_USER@
 SocketGroup=@SSSD_USER@

diff --git a/src/tools/sssd_check_socket_activated_responders.c b/src/tools/sssd_check_socket_activated_responders.c