Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add sysadm_r to default SELinux user map order #2544

Closed
wants to merge 1 commit into from
Closed

Add sysadm_r to default SELinux user map order #2544

wants to merge 1 commit into from

Conversation

fcami
Copy link
Contributor

@fcami fcami commented Nov 9, 2018

It is a standard SELinux user role included in RHEL (like
user_r, staff_r, guest_r) and used quite often.

See: https://pagure.io/freeipa/issue/7658

So far the upgrade process is not covered, only new install.
I suppose a file like ./install/updates/50-ipaconfig.update has to be created for upgrades to be covered.

Without the change to the ldif:
SELinux user map order:
guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
New install with the change to the ldif:
SELinux user map order:
guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023

@rcritten
Copy link
Contributor

rcritten commented Nov 9, 2018

./ipatests/test_xmlrpc/test_config_plugin.py:152:17: E128 continuation line under-indented for visual indent

@rcritten rcritten added the re-run Trigger a new run of PR-CI label Nov 9, 2018
@rcritten rcritten self-assigned this Nov 9, 2018
@freeipa-pr-ci freeipa-pr-ci removed the re-run Trigger a new run of PR-CI label Nov 9, 2018
@pvoborni pvoborni added the re-run Trigger a new run of PR-CI label Nov 9, 2018
@freeipa-pr-ci freeipa-pr-ci removed the re-run Trigger a new run of PR-CI label Nov 9, 2018
@fcami
Add sysadm_r to default SELinux user map order
950e10b 
It is a standard SELinux user role included in RHEL (like
user_r, staff_r, guest_r) and used quite often.

Fixes: https://pagure.io/freeipa/issue/7658
Signed-off-by: François Cami <fcami@redhat.com>
@netoarmando netoarmando added the re-run Trigger a new run of PR-CI label Nov 9, 2018
@freeipa-pr-ci freeipa-pr-ci removed the re-run Trigger a new run of PR-CI label Nov 9, 2018
@rcritten
Copy link
Contributor

rcritten commented Nov 9, 2018

Looks good, ack.

@rcritten rcritten added ack Pull Request approved, can be merged ipa-4-7 pushed Pull Request has already been pushed labels Nov 9, 2018
@rcritten
Copy link
Contributor

rcritten commented Nov 9, 2018

master:

  • 044ffe0 Add sysadm_r to default SELinux user map order

@rcritten rcritten closed this Nov 9, 2018
@rcritten rcritten mentioned this pull request Nov 9, 2018
Closed
@flo-renaud flo-renaud mentioned this pull request Mar 28, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@rcritten rcritten

Labels
ack Pull Request approved, can be merged pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
5 participants
@fcami @rcritten @netoarmando @pvoborni @freeipa-pr-ci