I am hoping I haven't missed something here, but it appears that the
SELinux user mapping portion is not working for me. This is tested on a
RHEL 6.3 client and server.

The rule I have:

  Rule name: Developers staff_U
  SELinux User: staff_u:s0-s0:c0.c1023
  Description: Confines developers on dev machines to the staff_u role,
allowing them to run sudo.
  Enabled: TRUE
  User Groups: developers
  Host Groups: developer_systems

What this rule seems to say, at least to me, is members of the
developers groups, on a system in the developer_systems group, should be
mapped to staff_u.

However when logging in as a test user that is a member of that group,
on a member host of the developer_systems group, id -Z lists the user as
unconfined: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Is there some modification to the sssd config that needs to be made, or
possibly something in PAM?



Attachment: signature.asc
Description: OpenPGP digital signature

Freeipa-users mailing list

Reply via email to