[Freeipa-users] selinuxusermap prioritization
Josh
jokajak at gmail.com
Wed Mar 5 12:42:36 UTC 2014
I'm trying to use selinuxusermap to configure the SELinux role that
users are assigned when they log in to systems. I have a question about
what algorithm is used to determine which rule wins when multiple match.
My current setup is:
ipa selinuxusermap-add staff_u --selinuxuser=staff_u:s0-s0:c0.c1023
ipa selinuxusermap-add resadm_u --selinuxuser=resadm_u:s0-s0:c0.c1023
ipa selinuxusermap-add-host staff_u --hostgroups=targeted
ipa selinuxusermap-add-host resadm_u --hostgroups=targeted
ipa selinuxusermap-add-user staff_u --groups=wheel
ipa selinuxusermap-add-user resadm_u --groups=somegroup
ipa user-add jokajak --first=Joka --last=Jak --email=jokajak at gmail.com
ipa group-add-member wheel --users=jokajak
ipa group-add-member somegroup --users=jokajak
My current scenario is:
When I log in to a system I am assigned the resadm role but I would like
to be assigned the staff_u role. I tried naming the selinuxusermap
ZZ_resadm_u and 99_resadm_u but that had no effect.
Any recommendations?
Thanks,
-josh