IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add sysadm_r to default SELinux user map order

Browse Source 
It is a standard SELinux user role included in RHEL (like
user_r, staff_r, guest_r) and used quite often.

Fixes: https://pagure.io/freeipa/issue/7658
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
François Cami 2018-11-09 17:30:32 +01:00 committed by Rob Crittenden
parent 60a31d3f0e
commit 044ffe0dd0
3 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
install/share/bootstrap-template.ldif
View File

@ -411,7 +411,7 @@ ipaDefaultEmailDomain: $DOMAIN
ipaMigrationEnabled: FALSE ipaMigrationEnabled: FALSE
ipaConfigString: AllowNThash ipaConfigString: AllowNThash
ipaConfigString: KDC:Disable Last Success ipaConfigString: KDC:Disable Last Success
ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023 ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$sysadm_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023 ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
dn: cn=cosTemplates,cn=accounts,$SUFFIX dn: cn=cosTemplates,cn=accounts,$SUFFIX

2
install/ui/test/data/ipa_init.json
View File

@ -36,7 +36,7 @@
"ipausers" "ipausers"
], ],
"ipaselinuxusermaporder" : [ "ipaselinuxusermaporder" : [
"guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023" "guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023"
], ],
"ca_renewal_master_server" : [ "ca_renewal_master_server" : [
"vm.example.com" "vm.example.com"

8
ipatests/test_xmlrpc/test_config_plugin.py
View File

@ -148,8 +148,12 @@ class test_config(Declarative):
dict( dict(
desc='Try to set new selinux order and invalid default user', desc='Try to set new selinux order and invalid default user',
command=('config_mod', [], command=(
dict(ipaselinuxusermaporder=u'xguest_u:s0$guest_u:s0$user_u:s0-s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023', 'config_mod', [],
dict(
ipaselinuxusermaporder=u'xguest_u:s0$guest_u:s0'
u'$user_u:s0-s0:c0.c1023$staff_u:s0-s0:c0.c1023'
u'$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023',
ipaselinuxusermapdefault=u'unknown_u:s0')), ipaselinuxusermapdefault=u'unknown_u:s0')),
expected=errors.ValidationError(name='ipaselinuxusermapdefault', expected=errors.ValidationError(name='ipaselinuxusermapdefault',
error='SELinux user map default user not in order list'), error='SELinux user map default user not in order list'),