Dan looked into the user mapping and here is one thing he found:
[16:55] dwalsh Ok the code expects SERVICE:USER:LEVEL
[16:56] dwalsh *:user_u:s0-s0:c0.c1023
[16:56] dwalsh Would be the correct format
The file that sssd wrote out was missing the service part and just had the user/level portions.
I think using * now for all services is fine. The IPA SELinux user maps do not have the concept of services so by implication it applies to all.
milestone: NEEDS_TRIAGE => SSSD 1.9.0
rhbz: => 0
owner: somebody => jzeleny
status: new => assigned
patch: 0 => 1
This build works with a single user map: sssd-1.8.93-0.20120618T1837Zgitbb79e75.fc17
Multiple maps still end up with a mal-formatted logins file:
It should probably just write out a single entry which represents the best match for that user based on the selinux user map rules since this is going to match all services.
Yes, the algorithm is in fact supposed to write out just one user map. Could you please describe how to reproduce this issue, i.e. how to get multiple maps in the file? Thanks
I just created three rules that would match the user I'm logging in as. I wanted to test that the correct rule would be applied:
Rule name: test_all
SELinux User: unconfined_u:s0-s0:c0.c1023
User category: all
Host category: all
Rule name: test_tuser1_pinto
SELinux User: staff_u:s0-s0:c0.c1023
Rule name: test_user
SELinux User: user_u:s0-s0:c0.c1023
Host category: all
Users: tuser1, tuser2
Number of entries returned 3
So in this case when logging into pinto as tuser1 the context should be staff_u:s0-s0:c0.c1023 (most specific user and host).
milestone: SSSD 1.9.0 => SSSD 1.9.0 beta 4
Jan is on vacation. Picking up.
owner: jzeleny => jhrozek
status: assigned => new
component: SSSD => SELinux
milestone: SSSD 1.9.0 beta 4 => SSSD 1.9.0 beta 5
Jan sent the patch after all.
owner: jhrozek => jzeleny
resolution: => fixed
status: new => closed
Metadata Update from @rcritten:
- Issue assigned to jzeleny
- Issue set to the milestone: SSSD 1.9.0 beta 5
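Added example, not part of the ticket and not SSSD or libselinux code: a checker for the two defects discussed above, an entry missing the SERVICE field and a logins file holding more than one entry. The function names, the level regex and the sample strings are assumptions made for illustration.

```python
import re

# Assumed, deliberately loose shape of an MLS level or range such as
# "s0" or "s0-s0:c0.c1023"; this is not libselinux's own parser.
_SENS = r"s\d+(?::c\d+(?:[.,]c\d+)*)?"
LEVEL_RE = re.compile(rf"^{_SENS}(?:-{_SENS})?$")
NAME_RE = re.compile(r"^[A-Za-z0-9_.-]+$")


def parse_login_line(line):
    """Split one SERVICE:USER:LEVEL entry; raise ValueError if malformed."""
    # LEVEL itself contains ':' (s0-s0:c0.c1023), so split at most twice.
    parts = line.strip().split(":", 2)
    if len(parts) != 3:
        raise ValueError(f"expected SERVICE:USER:LEVEL, got {line!r}")
    service, user, level = parts
    if service != "*" and not NAME_RE.match(service):
        raise ValueError(f"bad service {service!r} in {line!r}")
    if not NAME_RE.match(user):
        raise ValueError(f"bad user {user!r} in {line!r}")
    if not LEVEL_RE.match(level):
        # An entry written without SERVICE ends up here: USER shifts into
        # the service slot and only the category half is left as LEVEL.
        raise ValueError(f"bad level {level!r} in {line!r} (SERVICE missing?)")
    return service, user, level


def check_logins_file(text):
    """Return a list of problems; an empty list means one valid entry."""
    problems = []
    entries = [ln for ln in text.splitlines() if ln.strip()]
    # Per the discussion above, only the single best match is written out.
    if len(entries) != 1:
        problems.append(f"expected exactly 1 entry, found {len(entries)}")
    for n, line in enumerate(entries, 1):
        try:
            parse_login_line(line)
        except ValueError as exc:
            problems.append(f"line {n}: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed sample contents, not taken from a real logins file.
    good = "*:staff_u:s0-s0:c0.c1023\n"
    no_service = "user_u:s0-s0:c0.c1023\n"
    print(check_logins_file(good))
    print(check_logins_file(no_service))
```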