URL: https://github.com/freeipa/freeipa/pull/109
Author: frasertweedale
 Title: #109: sudorule: add SELinux transition examples to plugin doc
Action: opened

PR body:
"""
It is not obvious how to add SELinux type and role transitions to a
Sudo rule.  Update the 'sudorule' plugin documentation with examples
of how to do this.

Fixes: https://fedorahosted.org/freeipa/ticket/3461
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/109/head:pr109
git checkout pr109
From 76a3bd068db039834c9d497c69948bf27a8e25da Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Fri, 23 Sep 2016 16:43:19 +1000
Subject: [PATCH] sudorule: add SELinux transition examples to plugin doc

It is not obvious how to add SELinux type and role transitions to a
Sudo rule.  Update the 'sudorule' plugin documentation with examples
of how to do this.

Fixes: https://fedorahosted.org/freeipa/ticket/3461
---
 ipaserver/plugins/sudorule.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipaserver/plugins/sudorule.py b/ipaserver/plugins/sudorule.py
index 15d03c6..9077107 100644
--- a/ipaserver/plugins/sudorule.py
+++ b/ipaserver/plugins/sudorule.py
@@ -88,6 +88,10 @@
 """) + _("""
  Set a default Sudo option:
    ipa sudorule-add-option defaults --sudooption '!authenticate'
+""") + _("""
+ Set SELinux type and role transitions on a rule:
+   ipa sudorule-add-option sysadmin_sudo --sudooption type=unconfined_t
+   ipa sudorule-add-option sysadmin_sudo --sudooption role=unconfined_r
 """)
 
 register = Registry()
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to