Learn more about these different git repos.
Other Git URLs
The SELinux evaluator in the PAM responder uses the default SELinux user from the IPA server when no rules match, even when there are in fact no rules on the server.
This is wrong, because all users in the default IPA configuration would get the very restricted guest_u context. guest_u is not able, for instance, to run any setuid programs.
In case there are no rules on the IPA server, we must simply avoid generating the login file. That would make us fall back to the system-wide default defined in /etc/selinux/targeted/seusers.
The IPA default must be only used if there are rules on the server, but none matches.
status: new => assigned
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.9.0 RC1
rhbz: => 0
proposed_priority: => Undefined
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.0 beta 7
to comment on this ticket.