Set SELinux default context to unconfined_u:s0-s0:c0.c1023

Don't require ipaselinuxdefaultuser to be set. If this is unset then SSSD will use the system default. https://fedorahosted.org/freeipa/ticket/3045
2025-02-25 18:55:28 -06:00 · 2012-09-10 17:07:54 -04:00
parent 46f09fb8cc
commit 79b90d1465
3 changed files with 8 additions and 5 deletions
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -185,7 +185,7 @@ class config(LDAPObject):
            label=_('SELinux user map order'),
            doc=_('Order in increasing priority of SELinux users, delimited by $'),
        ),
-        Str('ipaselinuxusermapdefault',
+        Str('ipaselinuxusermapdefault?',
            label=_('Default SELinux user'),
            doc=_('Default SELinux user when no match is found in SELinux map rule'),
        ),
@@ -274,7 +274,10 @@ class config_mod(LDAPUpdate):
                failedattr = 'ipaselinuxusermapdefault'
            else:
                config = ldap.get_ipa_config()[1]
-                defaultuser = config['ipaselinuxusermapdefault'][0]
+                if 'ipaselinuxusermapdefault' in config:
+                    defaultuser = config['ipaselinuxusermapdefault'][0]
+                else:
+                    defaultuser = None

            if 'ipaselinuxusermaporder' in validate:
                order = validate['ipaselinuxusermaporder']
@@ -284,7 +287,7 @@ class config_mod(LDAPUpdate):
                    config = ldap.get_ipa_config()[1]
                order = config['ipaselinuxusermaporder']
                userlist = order[0].split('$')
-            if defaultuser not in userlist:
+            if defaultuser and defaultuser not in userlist:
                raise errors.ValidationError(name=failedattr,
                    error=_('SELinux user map default user not in order list'))