subject:"\[Freeipa\-devel\] \[PATCH\] 1070 change user

[Freeipa-devel] [PATCH] 1070 change user_u context in list

2012-11-01 Thread Rob Crittenden

The default user_u context in the selnux user map list didn't match what 
is actually the selinux default context. This could be confusing, so 
change it to match what systems will have.


rob
From ccfabc84a08020917b2c744661e64a51cb1bca53 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 1 Nov 2012 10:13:01 -0400
Subject: [PATCH] Set MLS/MCS for user_u context to what will be on remote
 systems.

The user_u context in the default list was broader than is actually
configured by default on systems.

https://fedorahosted.org/freeipa/ticket/3224
---
 install/share/bootstrap-template.ldif | 2 +-
 install/updates/50-ipaconfig.update   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index a17f2518fce89232e6339fa1fdce508dd2c8f45c..bf7de348933433c82617f4acf33b7093e76ac959 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -381,7 +381,7 @@ ipaUserObjectClasses: ipasshuser
 ipaDefaultEmailDomain: $DOMAIN
 ipaMigrationEnabled: FALSE
 ipaConfigString: AllowNThash
-ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
+ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
 ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
 
 dn: cn=cosTemplates,cn=accounts,$SUFFIX
diff --git a/install/updates/50-ipaconfig.update b/install/updates/50-ipaconfig.update
index 0992db4ec92c3cc254bf8d05892dd4abd9988d8c..69783f13261cfd969d37fdd0e00f2adf8bd66355 100644
--- a/install/updates/50-ipaconfig.update
+++ b/install/updates/50-ipaconfig.update
@@ -1,5 +1,5 @@
 dn: cn=ipaConfig,cn=etc,$SUFFIX
-add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
+add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
 add:ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
 
 add:ipaUserObjectClasses: ipasshuser
-- 
1.7.11.4

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 1070 change user_u context in list

2012-11-01 Thread Simo Sorce

On Thu, 2012-11-01 at 10:34 -0400, Rob Crittenden wrote:
 The default user_u context in the selnux user map list didn't match what 
 is actually the selinux default context. This could be confusing, so 
 change it to match what systems will have.


ACK.
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 1070 change user_u context in list

Re: [Freeipa-devel] [PATCH] 1070 change user_u context in list

2 matches

Site Navigation

Mail list logo

Footer information