From 55512dc938eb4a9a6655e473beab587e340af55c Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 23 Nov 2011 16:59:21 -0500
Subject: Add SELinux user mapping framework.

This will allow one to define what SELinux context a given user gets on a given machine. A rule can contain a set of users and hosts or it can point to an existing HBAC rule that defines them.

https://fedorahosted.org/freeipa/ticket/755
---
 install/share/bootstrap-template.ldif | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'install/share/bootstrap-template.ldif')

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index fbad4abaa..4f6bc3c97 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -346,6 +346,8 @@ ipaUserObjectClasses: ipaobject
 ipaDefaultEmailDomain: $DOMAIN
 ipaMigrationEnabled: FALSE
 ipaConfigString: AllowNThash
+ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
+ipaSELinuxUserMapDefault: guest_u:s0
 
 dn: cn=cosTemplates,cn=accounts,$SUFFIX
 changetype: add
@@ -364,3 +366,16 @@ objectClass: cosClassicDefinition
 cosTemplateDn: cn=cosTemplates,cn=accounts,$SUFFIX
 cosAttribute: krbPwdPolicyReference override
 cosSpecifier: memberOf
+
+dn: cn=selinux,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: nsContainer
+cn: selinux
+
+dn: cn=usermap,cn=selinux,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: nsContainer
+cn: usermap
+
-- cgit
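Review bot: The two attributes added in the first hunk rely on conventions the template does not document, and nothing visible here keeps `ipaSELinuxUserMapDefault` in step with the entries of `ipaSELinuxUserMapOrder`. The `$$` between entries is presumably the template escape for a single separator character (the file already substitutes `$DOMAIN` and `$SUFFIX`), and the list appears to run from the most confined SELinux user to the least confined. A comment line above the pair would record this: `# Entries are separated by an escaped dollar sign and ordered from most to least confined; the default must be one of the listed entries.` Because `guest_u:s0` is the most confined entry, it is also worth confirming how enrolled hosts treat users that match no rule on a fresh install, which this file does not show. The entry these attributes belong to starts above the hunk.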
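Review bot: The second hunk creates `cn=selinux,$SUFFIX` and `cn=usermap,cn=selinux,$SUFFIX` with no `aci` attribute, so who may add or modify the rules stored beneath them depends entirely on access control defined elsewhere. Write access to this subtree decides which SELinux context a user receives on a host, so it should be tied to a dedicated permission rather than inherited from a broad one. This view is limited to one file of the commit, so the ACI may be added in another file. If so, a comment above `dn: cn=selinux,$SUFFIX` would make that traceable, for example `# ACIs for the usermap container are defined in <file that defines them>`.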