sudorule: add SELinux transition examples to plugin doc

It is not obvious how to add SELinux type and role transitions to a Sudo rule. Update the 'sudorule' plugin documentation with examples of how to do this. Fixes: https://fedorahosted.org/freeipa/ticket/3461 Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
author: Fraser Tweedale <ftweedal@redhat.com> 2016-09-23 16:43:19 +1000
committer: Martin Basti <mbasti@redhat.com> 2016-09-23 14:59:43 +0200
commit: ff490b6c403f9fe14fcc2d1558c43dae5b80f493 (patch)
tree: e43b4bf0a97e0d324ae33895ab1a9ff67746adf0 /ipaserver/plugins/sudorule.py
parent: 9b68d2a1f858854bc3cf2d6024f3fd3d79c2f696 (diff)
download: freeipa-ff490b6c403f9fe14fcc2d1558c43dae5b80f493.tar.gz
freeipa-ff490b6c403f9fe14fcc2d1558c43dae5b80f493.tar.xz
freeipa-ff490b6c403f9fe14fcc2d1558c43dae5b80f493.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/ipaserver/plugins/sudorule.py b/ipaserver/plugins/sudorule.py
index 15d03c659..90771072a 100644
--- a/ipaserver/plugins/sudorule.py
+++ b/ipaserver/plugins/sudorule.py
@@ -88,6 +88,10 @@ EXAMPLES:
 """) + _("""
  Set a default Sudo option:
    ipa sudorule-add-option defaults --sudooption '!authenticate'
+""") + _("""
+ Set SELinux type and role transitions on a rule:
+   ipa sudorule-add-option sysadmin_sudo --sudooption type=unconfined_t
+   ipa sudorule-add-option sysadmin_sudo --sudooption role=unconfined_r
 """)
 
 register = Registry()
author	Fraser Tweedale <ftweedal@redhat.com>	2016-09-23 16:43:19 +1000
committer	Martin Basti <mbasti@redhat.com>	2016-09-23 14:59:43 +0200
commit	ff490b6c403f9fe14fcc2d1558c43dae5b80f493 (patch)
tree	e43b4bf0a97e0d324ae33895ab1a9ff67746adf0 /ipaserver/plugins/sudorule.py
parent	9b68d2a1f858854bc3cf2d6024f3fd3d79c2f696 (diff)
download	freeipa-ff490b6c403f9fe14fcc2d1558c43dae5b80f493.tar.gz freeipa-ff490b6c403f9fe14fcc2d1558c43dae5b80f493.tar.xz freeipa-ff490b6c403f9fe14fcc2d1558c43dae5b80f493.zip