The default SELinux user map user is currently guest_u. This is too restrictive, esp since the Fedora/RHEL default is unconfined_u.
We need to be consistent and change the default to unconfined_u.
Simo, Jakub, Dmitri, Dan and I agreed that we should also allow no value to be set for default in which case SSSD will use whatever the local system default is.
attachment freeipa-rcrit-1054-2-selinux.patch
master: 79b90d1[[BR]] ipa-3-0: 29a5d16
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.0 RC1
Login to comment on this ticket.