SELINUX admin with LDAP
Stephen Smalley
sds at tycho.nsa.gov
Wed May 21 11:50:44 UTC 2008
On Wed, 2008-05-21 at 12:01 +0200, Rob Visser wrote:
> Hello,
>
> Is it possible to administer SELINUX users and RBAC stuff in LDAP?
> With RH directory server?
> It would be nice, since all the other stuff can be administered in
> LDAP.
Not yet, but known as a need. Likely would take the form of moving
seusers management out of libsemanage and adding a LDAP lookup back end
to libselinux getseuserbyname(). Then you could manage at least the
Linux user -> (SELinux user, MLS range) authorizations in LDAP.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list