#2983 Inconsistency in selinuxusermap to an HBAC rule.
Closed: Fixed. Opened 11 years ago by aakkiang.

There is an inconsistency in behaviour when a selinuxusermap is linked to an HBAC rule and usercat/hostcat, as shown below.

A.
[root@ipaqavme ipa-selinuxusermap-cli]# ipa selinuxusermap-add --selinuxuser=guest_u:s0 --usercat=all --hostcat=all test1
------------------------------
Added SELinux User Map "test1"
------------------------------
 Rule name: test1
 SELinux User: guest_u:s0
 User category: all
 Host category: all
 Enabled: TRUE
[root@ipaqavme ipa-selinuxusermap-cli]# ipa hbacrule-add --usercat=all test
----------------------
Added HBAC rule "test"
----------------------
 Rule name: test
 User category: all
 Enabled: TRUE
[root@ipaqavme ipa-selinuxusermap-cli]# ipa selinuxusermap-mod --hbacrule=test
Rule name: test1
ipa: ERROR: HBAC rule and local members cannot both be set
B.
[root@ipaqavme ipa-selinuxusermap-cli]# ipa selinuxusermap-add --selinuxuser=guest_u:s0 --usercat=all --hostcat=all --hbacrule=test test2
------------------------------
Added SELinux User Map "test2"
------------------------------
 Rule name: test2
 SELinux User: guest_u:s0
 HBAC Rule: test
 User category: all
 Host category: all
 Enabled: TRUE

Also, when an HBAC rule is associated with a selinuxusermap, adding usercat or hostcat should not be allowed.
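The ticket shows the classic shape of a validation gap: the mutual-exclusion check between an HBAC rule reference and local members runs on the `-mod` path but not on the `-add` path, so the same forbidden state is reachable through one command and not the other. The sketch below is an added illustration and is not FreeIPA's code; the option names `hbacrule`, `usercat` and `hostcat` are taken from the CLI output above, while the `users`/`groups`/`hosts`/`hostgroups` member keys and all function names are assumptions made for the example. The point it demonstrates is that both commands should validate the *resulting* entry (existing attributes merged with the requested change) through one shared check, which also covers the second complaint in the ticket (adding usercat/hostcat to a map that already references an HBAC rule).

```python
"""Shared mutual-exclusion check for an SELinux user map (illustrative only).

Assumed entry keys (not taken from the FreeIPA schema): hbacrule, usercat,
hostcat, users, groups, hosts, hostgroups. "Local members" means any of the
keys other than hbacrule that narrow the map without an HBAC rule.
"""

# Every attribute that counts as a local member definition.
LOCAL_MEMBER_KEYS = ("usercat", "hostcat", "users", "groups", "hosts", "hostgroups")


class ValidationError(ValueError):
    """Raised when the resulting entry would be inconsistent."""


def _has_local_members(state):
    # A category string such as "all" or a non-empty member list both count;
    # None and empty values mean "unset".
    return any(state.get(key) for key in LOCAL_MEMBER_KEYS)


def validate(state):
    """Reject an entry that references an HBAC rule *and* carries local members.

    Called on the merged, post-change state so that add and mod cannot
    disagree about what is allowed.
    """
    if state.get("hbacrule") and _has_local_members(state):
        raise ValidationError("HBAC rule and local members cannot both be set")
    return state


def selinuxusermap_add(name, **options):
    """Create a map; the new entry is validated exactly like a modified one."""
    state = {"name": name}
    state.update(options)
    return validate(state)


def selinuxusermap_mod(existing, **changes):
    """Apply changes to an existing entry and validate the merged result.

    Passing None for a key clears it, which lets a single call swap local
    members for an HBAC rule without passing through a rejected state.
    """
    merged = dict(existing)
    merged.update(changes)
    return validate(merged)


def reproduce_ticket():
    """Re-run the three scenarios from the ticket; all must be rejected."""
    outcomes = []

    # Case A (as observed): map with usercat/hostcat, then mod --hbacrule.
    test1 = selinuxusermap_add("test1", selinuxuser="guest_u:s0",
                               usercat="all", hostcat="all")
    try:
        selinuxusermap_mod(test1, hbacrule="test")
        outcomes.append(False)
    except ValidationError:
        outcomes.append(True)

    # Case B (the bug): everything set in one add call must fail the same way.
    try:
        selinuxusermap_add("test2", selinuxuser="guest_u:s0",
                           usercat="all", hostcat="all", hbacrule="test")
        outcomes.append(False)
    except ValidationError:
        outcomes.append(True)

    # Second complaint: adding usercat to a map that already has an HBAC rule.
    test3 = selinuxusermap_add("test3", selinuxuser="guest_u:s0", hbacrule="test")
    try:
        selinuxusermap_mod(test3, usercat="all")
        outcomes.append(False)
    except ValidationError:
        outcomes.append(True)

    return tuple(outcomes)


def switch_to_hbac_rule(existing, rule_name):
    """Legitimate transition: clear local members and set the rule in one step."""
    cleared = {key: None for key in LOCAL_MEMBER_KEYS}
    return selinuxusermap_mod(existing, hbacrule=rule_name, **cleared)


if __name__ == "__main__":
    print("rejected (A, B, second complaint):", reproduce_ticket())
    base = selinuxusermap_add("test1", selinuxuser="guest_u:s0",
                              usercat="all", hostcat="all")
    print("switched:", switch_to_hbac_rule(base, "test"))
```

Because `validate` sees the merged state rather than only the delta, the `switch_to_hbac_rule` path succeeds while every path that would leave both an HBAC rule and local members on the entry is rejected, regardless of which command was used to get there.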


Metadata Update from @aakkiang:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 3.0 RC1

7 years ago
