Learn more about these different git repos.
Other Git URLs
The SELinux evaluator in the PAM responder uses the default SELinux user from the IPA server when no rules match, even when there are in fact no rules on the server.
This is wrong, because all users in the default IPA configuration would get the very restricted guest_u context. guest_u is not able, for instance, to run any setuid programs.
In case there are no rules on the IPA server, we must simply avoid generating the login file. That would make us fall back to the system-wide default defined in /etc/selinux/targeted/seusers.
The IPA default must be only used if there are rules on the server, but none matches.
Fields changed
status: new => assigned
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.9.0 RC1 rhbz: => 0
master: f004e23
proposed_priority: => Undefined resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.9.0 beta 7
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2497
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.