author | Rob Crittenden <rcritten@redhat.com> | 2011-11-23 16:59:21 -0500 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2011-12-09 16:46:25 +0200 |
commit | 55512dc938eb4a9a6655e473beab587e340af55c (patch) | |
tree | 27805ce2bcbd5b9fbb759cfab781ad3575a83792 /ipalib/plugins/hbacrule.py | |
parent | a1c9e3618c9d0e03fc926031f2c65d92da7a8b03 (diff) | |
Add SELinux user mapping framework.
This will allow one to define what SELinux context a given user gets
on a given machine. A rule can contain a set of users and hosts or it
can point to an existing HBAC rule that defines them.
https://fedorahosted.org/freeipa/ticket/755
Diffstat (limited to 'ipalib/plugins/hbacrule.py')
-rw-r--r-- | ipalib/plugins/hbacrule.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index f9f04529f..92b656d66 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -239,6 +239,14 @@ class hbacrule_del(LDAPDelete):
 msg_summary = _('Deleted HBAC rule "%(value)s"')
+ def pre_callback(self, ldap, dn, *keys, **options):
+ kw = dict(seealso=dn)
+ _entries = api.Command.selinuxusermap_find(None, **kw)
+ if _entries['count']:
+ raise errors.DependentEntry(key=keys[0], label=self.api.Object['selinuxusermap'].label_singular, dependent=_entries['result'][0]['cn'][0])
+
+ return dn
+
 api.register(hbacrule_del) |
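Review bot: The guard in `pre_callback` is a check-then-delete done in the framework, so it only blocks the deletion when `selinuxusermap_find` actually returns the referencing map to the caller. If that search is limited by the caller's read access or by a size/time limit (not visible here, worth confirming), `count` can be 0 while a map still points at the rule through `seealso`, and a map created between the check and the delete is missed as well; either way a SELinux user map is left with a dangling HBAC reference. I would state that limitation in a one-line docstring, e.g. `"""Refuse to delete an HBAC rule that a SELinux user map still references via seealso (best-effort; not atomic with the delete)."""`, and call the command through the plugin's own handle, as the `label` lookup already does: `_entries = self.api.Command.selinuxusermap_find(None, seealso=dn)`. The `hbacrule_del` class begins above the hunk.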