SSSD 2.10.1 requires fewer capabilities now than it's packaged with

In 2.10.1 they reduced the set of capabilities the SSSD helpers require now (c.f. #5 (closed) ):

Important note for downstream maintainers.

A set of capabilities required by privileged binaries was further reduced to:

krb5_child cap_dac_read_search,cap_setgid,cap_setuid=p ldap_child cap_dac_read_search=p selinux_child cap_setgid,cap_setuid=p sssd_pam cap_dac_read_search=p

(as announced here). This change has not been reflected in the packaging yet.

Edited Dec 15, 2024 by Christian

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

SSSD 2.10.1 requires fewer capabilities now than it's packaged with