freeipa

Clone
Source Code
GIT

aaf9383 Create systemd-user HBAC service and rule

Authored and Committed by cheimes 5 years ago
raw patch tree parent
4 files changed. 116 lines added. 0 lines removed.
install/share/bootstrap-template.ldif
file modified
+8 -0
install/share/default-hbac.ldif
file modified
+13 -0
ipaserver/install/server/upgrade.py
file modified
+36 -0
ipatests/test_integration/test_commands.py
file modified
+59 -0 
    Create systemd-user HBAC service and rule
    
    authselect changed pam_systemd session from optional to required. When
    the HBAC rule allow_all is disabled and replaced with more fine grained
    rules, loginsi now to fail, because systemd's user@.service is able to
    create a systemd session.
    
    Add systemd-user HBAC service and a HBAC rule that allows systemd-user
    to run on all hosts for all users by default. ipa-server-upgrade creates
    the service and rule, too. In case the service already exists, no
    attempt is made to create the rule. This allows admins to delete the
    rule permanently.
    
    See: https://bugzilla.redhat.com/show_bug.cgi?id=1643928
    Fixes: https://pagure.io/freeipa/issue/7831
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
file modified
+8 -0
file modified
+13 -0
file modified
+36 -0
file modified
+59 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.