Add managed read permission for SELinux user map

Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Reviewed-By: Martin Kosek <mkosek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-03-26 17:52:28 +01:00 · 2014-03-26 17:52:28 +01:00 · 3db9ce3204
commit 3db9ce3204
parent c97e1d96e3
1 changed files with 14 additions and 0 deletions
--- a/ipalib/plugins/selinuxusermap.py
+++ b/ipalib/plugins/selinuxusermap.py
@ -134,6 +134,7 @@ class selinuxusermap(LDAPObject):
    object_name = _('SELinux User Map rule')
    object_name_plural = _('SELinux User Map rules')
    object_class = ['ipaassociation', 'ipaselinuxusermap']
+    permission_filter_objectclasses = ['ipaselinuxusermap']
    default_attributes = [
        'cn', 'ipaenabledflag',
        'description', 'usercategory', 'hostcategory',
@ -146,6 +147,19 @@ class selinuxusermap(LDAPObject):
        'memberuser': ['user', 'group'],
        'memberhost': ['host', 'hostgroup'],
    }
+    managed_permissions = {
+        'System: Read SELinux User Maps': {
+            'replaces_global_anonymous_aci': True,
+            'ipapermbindruletype': 'all',
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'accesstime', 'cn', 'description', 'hostcategory',
+                'ipaenabledflag', 'ipaselinuxuser', 'ipauniqueid',
+                'memberhost', 'memberuser', 'seealso', 'usercategory',
+                'objectclass',
+            },
+        },
+    }

    # These maps will not show as members of other entries