I am hoping I haven't missed something here, but it appears that the SELinux user mapping portion is not working for me. This is tested on a RHEL 6.3 client and server.
The rule I have:

    Rule name: Developers staff_U
    SELinux User: staff_u:s0-s0:c0.c1023
    Description: Confines developers on dev machines to the staff_u role, allowing them to run sudo.
    Enabled: TRUE
    User Groups: developers
    Host Groups: developer_systems

What this rule seems to say, at least to me, is members of the developers groups, on a system in the developer_systems group, should be mapped to staff_u.

However when logging in as a test user that is a member of that group, on a member host of the developer_systems group, id -Z lists the user as unconfined:

    unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Is there some modification to the sssd config that needs to be made, or possibly something in PAM?

Thanks,
-Erinn
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users