Erinn Looney-Triggs wrote:
On 11/13/12 11:24, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 11/13/12 11:05, Daniel J Walsh wrote:
selinuxdefcon erinn system_u:system_r:xdm_t:s0-s0:c0.c1023
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
I am assuming you meant run this:
selinuxdefcon erinn system_u:system_r:xdm_t:s0-s0:c0.c1023
Which in turn resulted in this:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
In F-18 you have a version of sssd that actually CAN do selinux user
mapping.
Run ipa config-show and I'll bet the default SELinux user is guest_u.
Try this as an admin user:
$ ipa config-mod --ipaselinuxusermapdefault=unconfined_u:s0-s0:c0.c1023
Then try the login again.
rob
Rob,
Thanks you are probably correct, unfortunately the CLI netted me a failure:
ipa config-show
ipa: ERROR: 2.44 client incompatible with 2.34 server at
u'https://ipa.foo.com/ipa/xml'
Yeah, you can talk with an older client to a newer server, but not the
other way around.
However, when run from RHEL systems it did indeed show what you expected.
I modified the default context to unconfined_u and after clearing the
sssd cache I logged back in as unconfined_u.
Thanks so much for the help in tracking that down,
Excellent news!
rob
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
