authorPetr Viktorin <pviktori@redhat.com>2014-03-26 17:52:28 +0100
committerMartin Kosek <mkosek@redhat.com>2014-04-11 10:28:06 +0200
commit3db9ce320422a6cc57e1767a1e0cbf06d950a67e (patch)
treec7151a2a95c34dc0ddb42d6a8e68e019cfd2d234
parentc97e1d96e370cf874ffb873c45369f2960743393 (diff)
Add managed read permission for SELinux user map
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Reviewed-By: Martin Kosek <mkosek@redhat.com>
-rw-r--r--ipalib/plugins/selinuxusermap.py14
1 files changed, 14 insertions, 0 deletions
diff --git a/ipalib/plugins/selinuxusermap.py b/ipalib/plugins/selinuxusermap.py
index 3f26b16d0..04a37bd0d 100644
--- a/ipalib/plugins/selinuxusermap.py
+++ b/ipalib/plugins/selinuxusermap.py
@@ -134,6 +134,7 @@ class selinuxusermap(LDAPObject):
object_name = _('SELinux User Map rule')
object_name_plural = _('SELinux User Map rules')
object_class = ['ipaassociation', 'ipaselinuxusermap']
+ permission_filter_objectclasses = ['ipaselinuxusermap']
default_attributes = [
'cn', 'ipaenabledflag',
'description', 'usercategory', 'hostcategory',
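Review bot: The new `permission_filter_objectclasses = ['ipaselinuxusermap']` line has no comment saying why it omits `ipaassociation`, which `object_class` on the line above includes. The list presumably feeds the target filter of the managed permission added further down in this commit, which binds to `all` and replaces the global anonymous ACI, so its exact scope is what keeps that read grant limited to SELinux user map entries. I would add a comment above it such as `# Managed permissions target only ipaselinuxusermap entries; ipaassociation is shared with other rule types` (confirm the second half against the schema before committing it). The class body starts and ends outside this hunk.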
@@ -146,6 +147,19 @@ class selinuxusermap(LDAPObject):
'memberuser': ['user', 'group'],
'memberhost': ['host', 'hostgroup'],
}
+ managed_permissions = {
+ 'System: Read SELinux User Maps': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'accesstime', 'cn', 'description', 'hostcategory',
+ 'ipaenabledflag', 'ipaselinuxuser', 'ipauniqueid',
+ 'memberhost', 'memberuser', 'seealso', 'usercategory',
+ 'objectclass',
+ },
+ },
+ }
# These maps will not show as members of other entries