[Freeipa-users] SELinux user mapping

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Tue Aug 28 21:54:12 UTC 2012


I am hoping I haven't missed something here, but it appears that the
SELinux user mapping portion is not working for me. This is tested on a
RHEL 6.3 client and server.

The rule I have:

  Rule name: Developers staff_U
  SELinux User: staff_u:s0-s0:c0.c1023
  Description: Confines developers on dev machines to the staff_u role,
allowing them to run sudo.
  Enabled: TRUE
  User Groups: developers
  Host Groups: developer_systems

What this rule seems to say, at least to me, is that members of the
developers group, on a system in the developer_systems group, should be
mapped to staff_u.

However, when logging in as a test user that is a member of that group,
on a member host of the developer_systems group, id -Z lists the user as
unconfined: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Is there some modification to the sssd config that needs to be made, or
possibly something in PAM?

Thanks,

-Erinn
