[meta-security,5/5] sssd: enable unprivileged service user feature

Return-Path: <yi.zhao@eng.windriver.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 879C3C36010
	for <webhook@archiver.kernel.org>; Thu, 27 Mar 2025 13:23:59 +0000 (UTC)
Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com
 [205.220.178.238])
 by mx.groups.io with SMTP id smtpd.web11.49724.1743081831548500915
 for <yocto-patches@lists.yoctoproject.org>;
 Thu, 27 Mar 2025 06:23:51 -0700
Authentication-Results: mx.groups.io;
 dkim=none (message not signed);
 spf=permerror,
 err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}:
 invalid domain name (domain: windriver.com, ip: 205.220.178.238,
 mailfrom: prvs=5181a5ef2b=yi.zhao@windriver.com)
Received: from pps.filterd (m0250812.ppops.net [127.0.0.1])
	by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id
 52RBcHI5031145
	for <yocto-patches@lists.yoctoproject.org>; Thu, 27 Mar 2025 13:23:50 GMT
Received: from nam10-bn7-obe.outbound.protection.outlook.com
 (mail-bn7nam10lp2046.outbound.protection.outlook.com [104.47.70.46])
	by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 45hm68nxb2-2
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <yocto-patches@lists.yoctoproject.org>;
 Thu, 27 Mar 2025 13:23:50 +0000 (GMT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=UDsT5B/Htx4YD2ha6AkQcOJyV8vnzNOos1Z6cJUgycVzopr7KuOwYHEKSzR1mBetZjW+kwSDU+JB6xr8X4HhhjE4oDf/XNd44a8m4dXD54MeMP42owhlkQEzet5qsjJuT5wXhyDjIIW0t07faPNg5Vvdll1tWmWUi641rJ72DPMlYi/fQogLmhsRdMdLyXKQ7Mc6d56pUf7sfZ6g9B9WmesXrnk5qGhBDJxfPryvLOw7VJuy6M82cSFXfiWyyNwz2XhY3MFlk575Yx3fZ7uQANdDiPoPkohRGkNOlZc6rV9YL1NEWMReQKibB8hTxN/2lnlpEzVdqpBwLsICDq+mcQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=UZ4sFJsC0lqqfH4btLZ5O1AuRQb+cHct5JVeXp/EaFg=;
 b=PfBAW3u8J+q7ujw8c7jXYKIrDy7xl5XLLRSFAjViwKy2Hzs5HsB8eSSquRwUKUPGDMjIlCfIn//xGaBE/eBkFfFdFj85WZ6YzpRoNYxjpzE5jyVhatKXRP3NrfMGbXo7yW1Zp84T/3Hw6nt05lwbivRsz0eEnPpwfJUMBh5vfq0mkxX0lQRrW3rDkl0KLAcXFCBtLjCoCWlP+fLSuNr/M8YpkgTGEGdfnZ6k5grCDxutdjWXqz45+OmfL8lwjkMP6cCavFoCyJV9jhHZIQcVQTly+MisVu31miR0ZYvX6IdhAyL3lD8PkXOt9MleXJoCBypT9PhOQV48uK3VKmkmbg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=windriver.com; dmarc=pass action=none
 header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none
Received: from DS0PR11MB6399.namprd11.prod.outlook.com (2603:10b6:8:c8::5) by
 MW4PR11MB5773.namprd11.prod.outlook.com (2603:10b6:303:180::18) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.44; Thu, 27 Mar
 2025 13:23:49 +0000
Received: from DS0PR11MB6399.namprd11.prod.outlook.com
 ([fe80::2b44:787c:e7ee:bfad]) by DS0PR11MB6399.namprd11.prod.outlook.com
 ([fe80::2b44:787c:e7ee:bfad%5]) with mapi id 15.20.8534.043; Thu, 27 Mar 2025
 13:23:48 +0000
From: Yi Zhao <yi.zhao@windriver.com>
To: yocto-patches@lists.yoctoproject.org
Subject: [meta-security][PATCH 5/5] sssd: enable unprivileged service user
 feature
Date: Thu, 27 Mar 2025 21:23:27 +0800
Message-Id: <20250327132327.3477926-5-yi.zhao@windriver.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250327132327.3477926-1-yi.zhao@windriver.com>
References: <20250327132327.3477926-1-yi.zhao@windriver.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-ClientProxiedBy: SI1PR02CA0038.apcprd02.prod.outlook.com
 (2603:1096:4:1f6::15) To DS0PR11MB6399.namprd11.prod.outlook.com
 (2603:10b6:8:c8::5)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DS0PR11MB6399:EE_|MW4PR11MB5773:EE_
X-MS-Office365-Filtering-Correlation-Id: f6287994-bb50-4ebc-e09a-08dd6d329bdc
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|376014|52116014|1800799024|366016|38350700014;
X-Microsoft-Antispam-Message-Info: 
 4Scqgr3v4AHDJFFQuQwGxoj//1U46vCPJLGufGjT24f6p/PNeCoE/DqjP59AC/psC2bG62oYD2hKNihd0/XHFNnVsSPgGwfrqETe5VywJhSwSygoAmfTchCYSNfvzgdqLJBXEOLuN5hWw5cDy8huEQFfAKHVFwapzL2RMXAA/dG4Zo4VYSB2wIC+ukBtaN3Frk1Av4nEBwYBm4S12iC1201NroVfHjYP81f9dJmN1OMDU3m8t2IAhbZBeo/wXhkYQ4aXfJZviGU2/SD2LOVX9MzhDBVRYqTfWj+TWNm/UDqMv4b0gIOKdBMhBvvH24jiyPtoSXXeufpxCT5fuCpJgYVtdhukh0qvriVdTAQymIMqVd97YF1suFZ8gN5ab8yF55vg1AECOPtkeEqj18UXTHW7ztLK9CuOdgnjdVv9m4AXmKDxaUqKAcLCXmvTG0GZHN7MlFKFH+vT7EECo73/3vnc9SorGbtwySOdp8Q44qn0Aai6YMpfTlk47xGe6gT0HG63/fx7E1xdGQEgEADu2S3l28CzoOQhcfbCXTy6TI5nioH3KtNPSbahj2MJrX+pdJiMpwhzaXRsm2D4Lyb24jayy1hK87xkWsxnDCtc2lvjPCEnnx2HabIMnoKerkNugtI8JvK7AzgSNYLbx0VCmOBmpBpGnxq7MhdKw9ErOWLeNpWoKrfKtWxYpMtMVK4qhDWlWCtLwH2AMFZKsC+wLiGHRijX9JdERlnTOjJApOsCe77qy0fcS+9POxMKzK+G2PJhKHMc1S/TumB4XbUd/JwS352g+GlWxSirb6klStJ47zM5NgqHPOiuQDe7r6OEs5YGv7jK/zvzloS6L+fsM5jgviPRIInJ9kATQeWX5/AVp4ZjTBaE0k7TQmUHSz50bOrukMlfA6kxHEPyeU9HyVUxIOhwhfiMZ11/EfldtSb5v1dleCXTExgJ4fzGJpwFn1cVowTct/+KL6RVw5XvSd6t3OQSA3W4mi0nnWI87FbRZ1gUimR4cRDUSNpJd48t1Ef6SBs/rRVqvkYAwvhf8+IzVRVgURLRWgPy9Rrt2EoJKmVwMR8x8mK8hHgIC/gH0c9KrJ8nUgqawjVsb1IwbaieqrKKnE+9WLoXQSsc8bt3B0uSb+vYfaywDXrijuTEg3/k6pVBfZc6Whz39aAQXOdskhi1eFG1s8xKaEmU+AteBLOTi7YEn7lqYoEueisSDlKm5u7+FUw7crTBspLpurYVsawuPO82tZQ4c+rjKmzrklFB7Kzb4+OsTuYchKQ0irKKXSISy1khPkttQimgRT8Sa7J7HgwdEDSIFvyli2MPYrfUt3xyOxwUjA4yPA/+ktXwiHuVkNz6d8OFmTGrsMF1aVZMqOT7R3BeE5FENKDAY8SAFQ9lDitpR8vTqQoCjskaKNRfkNvPXZ+qpNx9ycNgGFfoel26CJ0cmxrn/8LxPlbsKii7Bj9g29ei7GQa
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR11MB6399.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(52116014)(1800799024)(366016)(38350700014);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 f0YeO5mm/Wllv8aT3FqrAauvNywo3xcV1u1C3ZUG3X137g7/w+G3QyrtEYfh3z8X9TYrpHzRRw4fs+Gfx0unU3wUE06ongx+qJDkCQM7RGGXFM0ApMRfZxzAgQmTD8pSC3/3XJqPAoRJqq/lkcnRMGRJGb6d3z19vXn6Lbf5KmUHO6vlDh2x5jJi/rscmORMNeypdiYWMgeUSktGqy2hWS7E1u7t8zNbxgA7ITK9zO6WQj/PFN5Sd1qJdKRXRUuECtSLdVz4E6jjTflmlXb1iLcJA36BEiQYiHCmC7BePvPijI9fgAzpCF5d525d+ham8vqURxKwG62rYF8ZxntZw88nsRWrAEfcoc6Knie7nBpRqYMS5tD8HsuvzVvqNo5Zp2wn10mEYgdYPMj2MZ7BzzPr/6jKrgHZTHRp0d5F2aBTVzpFNSUPrOe1fYE3VkDkaFSV4Vy6og7KhrdXhieNdxkOfgRkemeaEe2VDzFB8zBmVLK9xMZyVrE/8bDzO6j/uD0em3MJv6gr9ZsCyvR9S9Y8hDlHOiwCPByEzro7l5nStqC/tWmROS/+zU8nYI8RCSHcbZczoJKQX+Jp25CHZNDkQEwahXFvEOtD+2UKyNaMOtK11InksnYzZrDZNAFqarf3pOzMLYjWBHqsHmisApvExw30anN1xDBFyXCo/0GnegoNjUDcK/sZ53x+gMIdTbzSP4YFNrBa7QyiNP0wWntSWp9I5i9t4i5JsgYJ1pZqwS83gLeCm/gMUPs1eSrhIfcMV+1t3aZKJNYnKnH4eul7Brk+F/1Tfap8c0lkE+LWS0zEvVDuubxuHrHLWnYEbz0fK1UmEGY/Y9pKMW8MFjovDi8DPE8NdnU3NTssoxQ8yhVo3veN9+9yu0F67Fs15RcPczZk6nHqf5XXLGtVCQCjY3hmzlfylL1TN8la+w1bIed4MFGa3MZ1qVatzvmn/IFAI90jtpeCoq1UAwhL8Lukhp3lFLuUaLvGP50zoNVoeGp4Bpo6HxxAxfkwwPgUi0EXwGnGUXP7VjcWfm++k4RrWquEk5TcxUOIKRfBzqP/lMX/5fUfynA0WxkxGfLdllfegWG2bxycKN0VdxZrMJwNGsJ+cOnBGJrDojuA4j7DH9c6ByPc+/NdAXKnI7u0shj+HXBcG+AsNG0WF7U+jf8lMro9Mjt9AxdFAGslXz7uxzPq5NWOqpkloGhAfgbUCKoQlclR8inPOdM3mccu6p99eOiogSTTm7rNS3F7DwVJMTBVANN0pGAekNTBjktSX+/T5tqcdaqAW+5cz6n4AsqEaWpytdxQK8QfW2e0bgji+9njPHAyfwxMDPCZr6hP1G7UcQEBVvteeAxlgoet0IlcsyMdGH65rutaR5lxq0LJQiLjYBlJElCW0nK+/5FUdbVQPDNtkdAYH49uYvVdVDFkunwGpr65J2q1GWNc9FN5816CRuimoBumD6u1m1G6mibawxfd/Kz4JfmJ3+luBbnf3qY54XDxPj9bwGjR1cykCV5h/nQicrMXT747aJtx6JGhfdqX31zYJTzHgpL6Xp/jfSkEJKb8hhyX58034h0cOalPB0rprhTR0Sswe26z
X-OriginatorOrg: windriver.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 f6287994-bb50-4ebc-e09a-08dd6d329bdc
X-MS-Exchange-CrossTenant-AuthSource: DS0PR11MB6399.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Mar 2025 13:23:48.9065
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 6Bs9OJLSJQizdtF8kzZFXAMr4i0vX6aDRJV//9FH9+aYJbRQAU6bdSFM+yn52Fz9vFWo5wBQ+8dku7s/Q+F7DA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR11MB5773
X-Proofpoint-ORIG-GUID: nma4fSNxOM7nV58uhmuKz9909Il5MoQE
X-Authority-Analysis: v=2.4 cv=etjfzppX c=1 sm=1 tr=0 ts=67e55166 cx=c_pps
 a=IwUfk5KXFkOzJxXNjnChew==:117 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19
 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19
 a=xqWC_Br6kY4A:10 a=Vs1iUdzkB0EA:10
 a=H5OGdu5hBBwA:10 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=YqaM2oRP_DgEIVZAgjEA:9
 a=FdTzh2GWekK77mhwV6Dw:22
X-Proofpoint-GUID: nma4fSNxOM7nV58uhmuKz9909Il5MoQE
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1095,Hydra:6.0.680,FMLib:17.12.68.34
 definitions=2025-03-27_01,2025-03-26_02,2024-11-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 bulkscore=0 phishscore=0
 malwarescore=0 lowpriorityscore=0 mlxscore=0 adultscore=0 suspectscore=0
 impostorscore=0 mlxlogscore=999 priorityscore=1501 spamscore=0
 clxscore=1015 classifier=spam authscore=0 authtc=n/a authcc=
 route=outbound adjust=0 reason=mlx scancount=1 engine=8.21.0-2502280000
 definitions=main-2503270093
List-Id: <yocto-patches.lists.yoctoproject.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <yocto-patches@lists.yoctoproject.org>; Thu, 27 Mar 2025 13:23:59 -0000
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1270