authorRob Crittenden <rcritten@redhat.com>2011-11-23 16:59:21 -0500
committerAlexander Bokovoy <abokovoy@redhat.com>2011-12-09 16:46:25 +0200
commit55512dc938eb4a9a6655e473beab587e340af55c (patch)
tree27805ce2bcbd5b9fbb759cfab781ad3575a83792 /ipalib/plugins/hbacrule.py
parenta1c9e3618c9d0e03fc926031f2c65d92da7a8b03 (diff)
Add SELinux user mapping framework.
This will allow one to define what SELinux context a given user gets on a given machine. A rule can contain a set of users and hosts or it can point to an existing HBAC rule that defines them. https://fedorahosted.org/freeipa/ticket/755
Diffstat (limited to 'ipalib/plugins/hbacrule.py')
-rw-r--r--ipalib/plugins/hbacrule.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index f9f04529f..92b656d66 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -239,6 +239,14 @@ class hbacrule_del(LDAPDelete):
msg_summary = _('Deleted HBAC rule "%(value)s"')
+ def pre_callback(self, ldap, dn, *keys, **options):
+ kw = dict(seealso=dn)
+ _entries = api.Command.selinuxusermap_find(None, **kw)
+ if _entries['count']:
+ raise errors.DependentEntry(key=keys[0], label=self.api.Object['selinuxusermap'].label_singular, dependent=_entries['result'][0]['cn'][0])
+
+ return dn
+
api.register(hbacrule_del)
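Review bot: The dependency check in `pre_callback` only sees the SELinux user maps that `selinuxusermap_find` returns to the calling user, and it runs as a separate search before the delete, so it is a best-effort guard rather than an integrity guarantee. If the caller cannot read a map that references this rule (that depends on ACIs not visible in this hunk), or a map is attached to the rule between the search and the delete, the rule is removed and the map keeps a `seealso` pointing at a DN that no longer exists. I would say so in a comment above the search, e.g. `# Best-effort: relies on the caller being able to read selinuxusermap entries; not atomic with the delete`, and confirm how consumers of the map treat a dangling reference. The call also uses the module-level `api` while the next statement uses `self.api`; `_entries = self.api.Command.selinuxusermap_find(None, **kw)` would keep the method consistent.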