Learn more about these different git repos.
Currently the IPA backend writes out the login file containing the SELinux login string directly to /etc/selinux/targeted/logins. It might help to improve the audit trail if we used libsemanage instead.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1113784 (Red Hat Enterprise Linux 7)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1113784 1113784]
After a bit more discussion, it was decided that we only need to audit that the file had changed at all, not who changed it.
The move to libsemanage is not viable, libsemanage doesn't have any facility to operate the flat files.
summary: SELinux: Use libsemanage instead of writing the SELinux file directly => SELinux: Audit changes to the SELinux label files
milestone: NEEDS_TRIAGE => SSSD 1.12.1
priority: major => minor
owner: somebody => mzidek
Mass-moving all tickets that didn't make 1.12.1 into 1.12.2
milestone: SSSD 1.12.1 => SSSD 1.12.2
patch: 0 => 1
We need to do a release as requested by downstream. Moving tickets that are not fixed already or very close to acking to 1.12.3
milestone: SSSD 1.12.2 => SSSD 1.12.3
mark: => 0
resolution: => fixed
status: new => closed
Metadata Update from @jhrozek:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.12.3
to comment on this ticket.