summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2012-11-01 10:13:01 -0400
committerRob Crittenden <rcritten@redhat.com>2012-11-02 10:17:51 -0400
commit7c2eb48850de6eae7cce521053586a5d48c3d12e (patch)
treef0871016d831ffbbe6e26ab954ff3a14ba0a93ca
parent85a0cdeb696c9c1d1c50fa43b87ffe8d6d8e3ae6 (diff)
downloadfreeipa-7c2eb48850de6eae7cce521053586a5d48c3d12e.tar.gz
freeipa-7c2eb48850de6eae7cce521053586a5d48c3d12e.tar.xz
freeipa-7c2eb48850de6eae7cce521053586a5d48c3d12e.zip
Set MLS/MCS for user_u context to what will be on remote systems.
The user_u context in the default list was broader than is actually configured by default on systems. https://fedorahosted.org/freeipa/ticket/3224
-rw-r--r--install/share/bootstrap-template.ldif2
-rw-r--r--install/updates/50-ipaconfig.update2
2 files changed, 2 insertions, 2 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index a17f2518f..bf7de3489 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -381,7 +381,7 @@ ipaUserObjectClasses: ipasshuser
ipaDefaultEmailDomain: $DOMAIN
ipaMigrationEnabled: FALSE
ipaConfigString: AllowNThash
-ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
+ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
dn: cn=cosTemplates,cn=accounts,$SUFFIX
diff --git a/install/updates/50-ipaconfig.update b/install/updates/50-ipaconfig.update
index 0992db4ec..69783f132 100644
--- a/install/updates/50-ipaconfig.update
+++ b/install/updates/50-ipaconfig.update
@@ -1,5 +1,5 @@
dn: cn=ipaConfig,cn=etc,$SUFFIX
-add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
+add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
add:ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
add:ipaUserObjectClasses: ipasshuser