-rw-r--r--ipalib/plugins/selinuxusermap.py14
1 files changed, 14 insertions, 0 deletions
diff --git a/ipalib/plugins/selinuxusermap.py b/ipalib/plugins/selinuxusermap.py
index 3f26b16d0..04a37bd0d 100644
--- a/ipalib/plugins/selinuxusermap.py
+++ b/ipalib/plugins/selinuxusermap.py
@@ -134,6 +134,7 @@ class selinuxusermap(LDAPObject):
object_name = _('SELinux User Map rule')
object_name_plural = _('SELinux User Map rules')
object_class = ['ipaassociation', 'ipaselinuxusermap']
+ permission_filter_objectclasses = ['ipaselinuxusermap']
default_attributes = [
'cn', 'ipaenabledflag',
'description', 'usercategory', 'hostcategory',
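Review bot: The added `permission_filter_objectclasses` line lists only `ipaselinuxusermap`, while `object_class` directly above it also carries `ipaassociation`, and nothing in the hunk records why the two differ. This list presumably becomes the target filter of the managed permission added later in this commit ('System: Read SELinux User Maps', bind rule type `all`), so adding the broader class there would likely extend that read grant to entries owned by other plugins that share it. A short comment would stop a later cleanup from aligning the two lists, for example `# Filter on the specific class only; ipaassociation is shared with other rule types`. The class body starts and ends outside the hunk, so any existing explanation elsewhere in the class is not visible here.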
@@ -146,6 +147,19 @@ class selinuxusermap(LDAPObject):
'memberuser': ['user', 'group'],
'memberhost': ['host', 'hostgroup'],
}
+ managed_permissions = {
+ 'System: Read SELinux User Maps': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'accesstime', 'cn', 'description', 'hostcategory',
+ 'ipaenabledflag', 'ipaselinuxuser', 'ipauniqueid',
+ 'memberhost', 'memberuser', 'seealso', 'usercategory',
+ 'objectclass',
+ },
+ },
+ }
# These maps will not show as members of other entries