authorRob Crittenden <rcritten@redhat.com>2012-09-10 17:07:54 -0400
committerMartin Kosek <mkosek@redhat.com>2012-09-13 12:35:55 +0200
commit29a5d16b2dbc87a959dc953cfd48d584408c07a7 (patch)
tree8d96970a4b308af9b8bd50d80d1d91db2fd6f63d
parent0dd1fa49136e3ffc761a27c3b334b48d3cefe1d6 (diff)
Set SELinux default context to unconfined_u:s0-s0:c0.c1023
Don't require ipaselinuxdefaultuser to be set. If this is unset then SSSD will use the system default. https://fedorahosted.org/freeipa/ticket/3045
-rw-r--r--install/share/bootstrap-template.ldif2
-rw-r--r--install/updates/50-ipaconfig.update2
-rw-r--r--ipalib/plugins/config.py9
3 files changed, 8 insertions, 5 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index aac3f059..24804e47 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -383,7 +383,7 @@ ipaDefaultEmailDomain: $DOMAIN
ipaMigrationEnabled: FALSE
ipaConfigString: AllowNThash
ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
-ipaSELinuxUserMapDefault: guest_u:s0
+ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
dn: cn=cosTemplates,cn=accounts,$SUFFIX
changetype: add
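Review bot: The new ipaSELinuxUserMapDefault value is the last and therefore highest-priority entry of the ipaSELinuxUserMapOrder list on the line above, so a user that matches no SELinux map rule now lands in the least-confined context instead of guest_u; the template should say so rather than leaving readers to compare the two lines. A comment directly above the attribute, `# Default when no SELinux user map rule matches; mirrors SSSD's system default (unconfined)`, would carry that intent into fresh installs. The same applies to the identical change in install/updates/50-ipaconfig.update. The description's "unset" wording describes the config.py change, not these files, which still set a value.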
diff --git a/install/updates/50-ipaconfig.update b/install/updates/50-ipaconfig.update
index b08df180..0992db4e 100644
--- a/install/updates/50-ipaconfig.update
+++ b/install/updates/50-ipaconfig.update
@@ -1,5 +1,5 @@
dn: cn=ipaConfig,cn=etc,$SUFFIX
add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
-add:ipaSELinuxUserMapDefault: guest_u:s0
+add:ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
add:ipaUserObjectClasses: ipasshuser
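Review bot: The `add:` directive on the changed line decides what happens to servers that were installed with the old guest_u:s0 default, and the commit does not say which outcome is intended. If `add:` only contributes a value when the attribute is absent, upgraded deployments keep guest_u:s0 while fresh installs get unconfined_u, which is a silent policy split between otherwise identical servers; if it appends, a second value on this attribute is likely to be rejected. A `replace:` directive naming the old and new values, or a sentence in the commit message stating that existing deployments are deliberately left alone, would make the upgrade behaviour explicit. This is inferred from the directive name and should be confirmed against the updater.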
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index ef0fd79f..e02519d5 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -185,7 +185,7 @@ class config(LDAPObject):
label=_('SELinux user map order'),
doc=_('Order in increasing priority of SELinux users, delimited by $'),
),
- Str('ipaselinuxusermapdefault',
+ Str('ipaselinuxusermapdefault?',
label=_('Default SELinux user'),
doc=_('Default SELinux user when no match is found in SELinux map rule'),
),
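Review bot: Making ipaselinuxusermapdefault optional changes what an empty value means, but the `doc=` string on the line below it still only describes the matched case, so CLI and web UI help give no hint that the attribute may now be left unset. The description states that SSSD falls back to its system default when this is unset; that belongs in the user-visible help, e.g. `doc=_('Default SELinux user when no match is found in SELinux map rule; if unset, SSSD uses its system default'),`. The enclosing class config(LDAPObject) starts and ends outside the hunk.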
@@ -274,7 +274,10 @@ class config_mod(LDAPUpdate):
failedattr = 'ipaselinuxusermapdefault'
else:
config = ldap.get_ipa_config()[1]
- defaultuser = config['ipaselinuxusermapdefault'][0]
+ if 'ipaselinuxusermapdefault' in config:
+ defaultuser = config['ipaselinuxusermapdefault'][0]
+ else:
+ defaultuser = None
if 'ipaselinuxusermaporder' in validate:
order = validate['ipaselinuxusermaporder']
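Review bot: The four added lines express a dictionary lookup with a fallback, which reads more directly as one statement: `defaultuser = config.get('ipaselinuxusermapdefault', [None])[0]`. The branch is correct as written; this is only about shape, and it keeps the `[0]` indexing and the None sentinel that the later check in the same method relies on. The enclosing method of config_mod starts and ends outside the hunk, so the assignment to failedattr for this branch is not visible here.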
@@ -284,7 +287,7 @@ class config_mod(LDAPUpdate):
config = ldap.get_ipa_config()[1]
order = config['ipaselinuxusermaporder']
userlist = order[0].split('$')
- if defaultuser not in userlist:
+ if defaultuser and defaultuser not in userlist:
raise errors.ValidationError(name=failedattr,
error=_('SELinux user map default user not in order list'))
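Review bot: The changed condition skips the membership check for every falsy defaultuser, not only for the None assigned when the attribute is absent, so an empty string submitted for ipaselinuxusermapdefault also passes validation. If an empty value is how the framework clears the attribute this is the desired outcome; if it can reach this point as a literal `''`, the check should read `if defaultuser is not None and defaultuser not in userlist:` so that only a genuinely unset default bypasses the order-list check. Which of the two applies depends on how validate is populated above the hunk and should be confirmed. The enclosing method starts outside the hunk.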