From 0086a3f5c3b744d7944b7235204c82139208de39 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 9 Feb 2012 16:52:07 -0500 Subject: Add update files for SELinuxUserMap https://fedorahosted.org/freeipa/ticket/2344
---
 install/updates/10-selinuxusermap.update | 50 ++++++++++++++++++++++++++++++++ install/updates/50-ipaconfig.update | 4 +-- install/updates/Makefile.am | 1 + 3 files changed, 53 insertions(+), 2 deletions(-) create mode 100644 install/updates/10-selinuxusermap.update
diff --git a/install/updates/10-selinuxusermap.update b/install/updates/10-selinuxusermap.update
new file mode 100644
index 000000000..431477adf
--- /dev/null
+++ b/install/updates/10-selinuxusermap.update
@@ -0,0 +1,50 @@
+# Add the SELinux User map config schema
+dn: cn=schema
+add:attributeTypes:
+ ( 2.16.840.1.113730.3.8.3.26
+ NAME 'ipaSELinuxUserMapDefault'
+ DESC 'Default SELinux user'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+ X-ORIGIN 'IPA v3')
+add:attributeTypes:
+ ( 2.16.840.1.113730.3.8.3.27
+ NAME 'ipaSELinuxUserMapOrder'
+ DESC 'Available SELinux user context ordering'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+ X-ORIGIN 'IPA v3')
+ X-ORIGIN 'IPA v3')
+replace:objectClasses:( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase ) )::( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder) )
+
+# Add the SELinux User map schema
+add:attributeTypes:
+ ( 2.16.840.1.113730.3.8.11.30
+ NAME 'ipaSELinuxUser'
+ DESC 'An SELinux user'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+ X-ORIGIN 'IPA v3')
+add:objectClasses:
+ ( 2.16.840.1.113730.3.8.12.10
+ NAME 'ipaSELinuxUserMap' SUP ipaAssociation
+ STRUCTURAL MUST ipaSELinuxUser
+ MAY ( accessTime $$ seeAlso )
+
+# Create the SELinux User map container
+dn: cn=selinux,$SUFFIX
+default:objectClass: top
+default:objectClass: nsContainer
+default:cn: selinux
+
+dn: cn=usermap,cn=selinux,$SUFFIX
+default:objectClass: top
+default:objectClass: nsContainer
+default:cn: usermap
+
diff --git a/install/updates/50-ipaconfig.update b/install/updates/50-ipaconfig.update
index 40ce93358..b08df1806 100644
--- a/install/updates/50-ipaconfig.update
+++ b/install/updates/50-ipaconfig.update
@@ -1,5 +1,5 @@
 dn: cn=ipaConfig,cn=etc,$SUFFIX
-default:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
-default:ipaSELinuxUserMapDefault: guest_u:s0
+add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
+add:ipaSELinuxUserMapDefault: guest_u:s0
 add:ipaUserObjectClasses: ipasshuser
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 89d5aa128..840e934b9 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -6,6 +6,7 @@ app_DATA = \
 10-RFC2307bis.update \
 10-RFC4876.update \
 10-config.update \
+ 10-selinuxusermap.update \
 10-sudo.update \
 10-ssh.update \
 19-managed-entries.update \
-- cgit
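Review bot: The ipaSELinuxUserMapOrder definition in 10-selinuxusermap.update is followed by a second `X-ORIGIN 'IPA v3')` line, which leaves that value with an unmatched closing parenthesis. The ipaSELinuxUserMap objectClass has the opposite problem: it stops at `MAY ( accessTime $$ seeAlso )` and never closes its outer parenthesis. Both values look malformed as written; drop the duplicate line and end the objectClass with `X-ORIGIN 'IPA v3' )`. The two config attributes also declare `ORDERING caseIgnoreMatch`, which is an equality rule, whereas ipaSELinuxUser in the same file uses `ORDERING caseIgnoreOrderingMatch`; the same rule should be used for all three. If the schema add is rejected, the ipaGuiConfig `replace:` and the cn=ipaConfig values that depend on these attributes would presumably fail too, so check the updater log on a test upgrade.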
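Review bot: In 50-ipaconfig.update, `add:` on these two lines targets attributes that 10-selinuxusermap.update declares SINGLE-VALUE, so it only applies cleanly while the attribute is absent from cn=ipaConfig. On a server where an administrator has already changed ipaSELinuxUserMapDefault or ipaSELinuxUserMapOrder, the update would try to add `guest_u:s0` (or the stock order) as a second value. Whether the updater skips that or reports a constraint violation is not visible in this hunk and should be confirmed on an upgraded install. If the intent is to populate entries that already exist, a comment above the two lines would record it, e.g. `# add: rather than default: so the values are set on an existing cn=ipaConfig during upgrade`.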