From ff490b6c403f9fe14fcc2d1558c43dae5b80f493 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Fri, 23 Sep 2016 16:43:19 +1000 Subject: [PATCH] sudorule: add SELinux transition examples to plugin doc It is not obvious how to add SELinux type and role transitions to a Sudo rule. Update the 'sudorule' plugin documentation with examples of how to do this. Fixes: https://fedorahosted.org/freeipa/ticket/3461 Reviewed-By: Tomas Krizek --- ipaserver/plugins/sudorule.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ipaserver/plugins/sudorule.py b/ipaserver/plugins/sudorule.py index 15d03c659..90771072a 100644 --- a/ipaserver/plugins/sudorule.py +++ b/ipaserver/plugins/sudorule.py @@ -88,6 +88,10 @@ EXAMPLES: """) + _(""" Set a default Sudo option: ipa sudorule-add-option defaults --sudooption '!authenticate' +""") + _(""" + Set SELinux type and role transitions on a rule: + ipa sudorule-add-option sysadmin_sudo --sudooption type=unconfined_t + ipa sudorule-add-option sysadmin_sudo --sudooption role=unconfined_r """) register = Registry()