[Freeipa-devel] Users are unconfined_u:unconfined_r:unconfined_t
Simo Sorce
ssorce at redhat.com
Sat Jul 5 16:27:13 UTC 2008
On Fri, 2008-07-04 at 12:48 -0700, Eric wrote:
> Is there a reason why users are created within the context
> unconfined_u:unconfined_r:unconfined_t and not user_u:user_r:user_t?
> What would it take to create an IPA tool that allows one to modify those
> SE-linux roles, types individually?
The SELinux role is assigned at login time by the client system, as, so
far, SELinux policies are only local.
We are actually working to make it possible to centrally manage the
SELinux user to IPA User association. But that will take some time and
requires an agent/pam module on the client machine able to fetch these
values from the directory.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
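
Added example, not part of the original message or of FreeIPA: a sketch of how a client resolves a login name to an SELinux user from its own local mapping, which is why a directory user ends up as unconfined_u. It assumes the seusers file format (`login-or-%group:seuser[:range]`) and libselinux's lookup order (exact login, then first matching group, then `__default__`); the sample mappings and the user names are constructed.

```python
# Constructed sample resembling a stock targeted-policy mapping (assumption).
STOCK_SEUSERS = """\
# login-or-%group:seuser[:mls-range]
system_u:system_u:s0-s0:c0.c1023
root:unconfined_u:s0-s0:c0.c1023
__default__:unconfined_u:s0-s0:c0.c1023
"""

# Constructed sample of a locally tightened mapping (assumption).
CONFINED_SEUSERS = """\
root:unconfined_u:s0-s0:c0.c1023
%wheel:staff_u:s0-s0:c0.c1023
__default__:user_u:s0
"""


def parse_seusers(text):
    """Return a list of (name, seuser, mls_range_or_None) tuples."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # The MLS range may itself contain ':' (s0-s0:c0.c1023), so split twice only.
        parts = line.split(":", 2)
        if len(parts) < 2 or not parts[0] or not parts[1]:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        entries.append((parts[0], parts[1], parts[2] if len(parts) == 3 else None))
    return entries


def resolve(entries, login, groups=()):
    """Exact login wins, then the first matching %group, then __default__."""
    group_hit = default_hit = None
    for name, seuser, mls in entries:
        if name == login:
            return seuser, mls
        if name.startswith("%") and name[1:] in groups and group_hit is None:
            group_hit = (seuser, mls)
        elif name == "__default__" and default_hit is None:
            default_hit = (seuser, mls)
    return group_hit or default_hit


if __name__ == "__main__":
    for label, text in (("stock", STOCK_SEUSERS), ("confined", CONFINED_SEUSERS)):
        table = parse_seusers(text)
        print(label, resolve(table, "alice"), resolve(table, "bob", groups={"wheel"}))
```

A user that exists only in the directory has no entry of its own, so it falls through to whatever `__default__` the individual client carries.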