Discussion:
[Freeipa-users] Freeipa and SELinux Users
Alex Thomas
2017-04-14 15:29:34 UTC
Permalink
I am sure this is hiding in the docs somewhere but my google-fu is
failing. Since I am running a network with Centos 7 servers and Fedora
25 clients, I would like to set FreeIPA so that users in ipauser are
given SELinux role of user_u, and those in the admin group are given
sysadm_u.
Justin Stephenson
2017-04-14 15:38:28 UTC
Permalink
Maybe this is what you are looking for?

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/mapping-selinux.html

-Justin
Post by Alex Thomas
I am sure this is hiding in the docs somewhere but my google-fu is
failing. Since I am running a network with Centos 7 servers and Fedora
25 clients, I would like to set FreeIPA so that users in ipauser are
given SELinux role of user_u, and those in the admin group are given
sysadm_u.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Alexander Bokovoy
2017-04-14 18:02:37 UTC
Permalink
Post by Justin Stephenson
Maybe this is what you are looking for?
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/mapping-selinux.html
Also make sure to use POSIX group for mapping assignment because
ipausers is non-POSIX group.
Post by Justin Stephenson
-Justin
Post by Alex Thomas
I am sure this is hiding in the docs somewhere but my google-fu is
failing. Since I am running a network with Centos 7 servers and
Fedora 25 clients, I would like to set FreeIPA so that users in
ipauser are given SELinux role of user_u, and those in the admin
group are given sysadm_u.
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Loading...