Add update files for SELinuxUserMap

https://fedorahosted.org/freeipa/ticket/2344
2025-02-25 18:55:28 -06:00 · 2012-02-09 16:52:07 -05:00 · 2012-02-09 16:52:07 -05:00 · 0086a3f5c3
commit 0086a3f5c3
parent 8ad295a554
3 changed files with 53 additions and 2 deletions
--- a/install/updates/10-selinuxusermap.update
+++ b/install/updates/10-selinuxusermap.update
@ -0,0 +1,50 @@
+# Add the SELinux User map config schema
+dn: cn=schema
+add:attributeTypes:
+   ( 2.16.840.1.113730.3.8.3.26
+     NAME 'ipaSELinuxUserMapDefault'
+     DESC 'Default SELinux user'
+     EQUALITY caseIgnoreMatch
+     ORDERING caseIgnoreMatch
+     SUBSTR caseIgnoreSubstringsMatch
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+     X-ORIGIN 'IPA v3')
+add:attributeTypes:
+   ( 2.16.840.1.113730.3.8.3.27
+     NAME 'ipaSELinuxUserMapOrder'
+     DESC 'Available SELinux user context ordering'
+     EQUALITY caseIgnoreMatch
+     ORDERING caseIgnoreMatch
+     SUBSTR caseIgnoreSubstringsMatch
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+     X-ORIGIN 'IPA v3')
+     X-ORIGIN 'IPA v3')
+replace:objectClasses:( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase ) )::( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder) )
+
+# Add the SELinux User map schema
+add:attributeTypes:
+   ( 2.16.840.1.113730.3.8.11.30
+     NAME 'ipaSELinuxUser'
+     DESC 'An SELinux user'
+     EQUALITY caseIgnoreMatch
+     ORDERING caseIgnoreOrderingMatch
+     SUBSTR caseIgnoreSubstringsMatch
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+     X-ORIGIN 'IPA v3')
+add:objectClasses:
+   ( 2.16.840.1.113730.3.8.12.10
+     NAME 'ipaSELinuxUserMap' SUP ipaAssociation
+     STRUCTURAL MUST ipaSELinuxUser
+     MAY ( accessTime $$ seeAlso )
+
+# Create the SELinux User map container
+dn: cn=selinux,$SUFFIX
+default:objectClass: top
+default:objectClass: nsContainer
+default:cn: selinux
+
+dn: cn=usermap,cn=selinux,$SUFFIX
+default:objectClass: top
+default:objectClass: nsContainer
+default:cn: usermap
+
--- a/install/updates/50-ipaconfig.update
+++ b/install/updates/50-ipaconfig.update
@ -1,5 +1,5 @@
 dn: cn=ipaConfig,cn=etc,$SUFFIX
-default:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
-default:ipaSELinuxUserMapDefault: guest_u:s0
+add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
+add:ipaSELinuxUserMapDefault: guest_u:s0

 add:ipaUserObjectClasses: ipasshuser
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@ -6,6 +6,7 @@ app_DATA =				\
 	10-RFC2307bis.update		\
 	10-RFC4876.update		\
 	10-config.update		\
+	10-selinuxusermap.update	\
 	10-sudo.update			\
 	10-ssh.update			\
 	19-managed-entries.update	\