Learn more about these different git repos.
Other Git URLs
The SELinux evaluator in the PAM responder uses the default SELinux user from the IPA server when no rules match, even when there are in fact no rules on the server.
This is wrong, because all users in the default IPA configuration would get the very restricted guest_u context. guest_u is not able, for instance, to run any setuid programs.
In case there are no rules on the IPA server, we must simply avoid generating the login file. That would make us fall back to the system-wide default defined in /etc/selinux/targeted/seusers.
The IPA default must be only used if there are rules on the server, but none matches.
status: new => assigned
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.9.0 RC1
rhbz: => 0
proposed_priority: => Undefined
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.0 beta 7
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.