Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1594245
Description of problem:
If one wants to map a user to the SELinux role sysadm_r, it fails because it is not included in the default configuration of IPA. It is easy to add this with ipa config-mod. However, it would be more convenient for the users.

Version-Release number of selected component (if applicable):
4.6

How reproducible:
Always

Steps to Reproduce:
1. ipa selinuxusermap-add --selinuxuser='sysadm_u:s0-s0:c0.c1023' mapname

Actual results:
ipa: ERROR: SELinux user sysadm_u:s0-s0:c0.c1023 not found in ordering list (in config)

Expected results:
[root@ipa1 ~]# ipa selinuxusermap-add --selinuxuser='sysadm_u:s0-s0:c0.c1023' sysadmins
----------------------------------
Added SELinux User Map "sysadmins"
----------------------------------
  Rule name: sysadmins
  SELinux User: sysadm_u:s0-s0:c0.c1023
  Enabled: TRUE

Additional info:
Proper workaround:
ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'

Thanks,
Luc
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1594245
This will be for new installs only.
Metadata Update from @rcritten: - Issue tagged with: easyfix
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.7.2 (was: FreeIPA 4.7.1)
FreeIPA 4.7.1 has been released, moving to FreeIPA 4.7.2 milestone
https://github.com/freeipa/freeipa/pull/2544
Metadata Update from @fcami: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/2544
Metadata Update from @fcami: - Issue assigned to fcami
master:
ipa-4-7:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
ipa-4-6: