Back to bug 1016638
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kaleem | 2013-10-08 13:04:07 UTC | CC | | jhrozek, mkosek, nsoman |
| Milos Malik | 2013-10-08 21:22:52 UTC | CC | | mmalik |
| | | OS | Unspecified | Linux |
| Daniel Walsh | 2013-10-09 14:47:59 UTC | CC | | rcritten |
| | | Component | selinux-policy | ipa |
| | | Assignee | mgrepl | mkosek |
| | | QA Contact | qe-baseos-security | nsoman |
| Daniel Walsh | 2013-10-09 14:48:47 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | DUPLICATE |
| | | Last Closed | | 2013-10-09 10:48:47 UTC |
| Martin Kosek | 2013-10-30 16:18:52 UTC | Doc Text | | IdM server in Red Hat Enterprise Linux 6.3 introduced a technical preview of the SELinux user mapping feature, which enabled a mapping of SELinux users to users managed by the IdM based on custom rules. However, the default configured SELinux user (guest_u:s0) used when no custom rule matches is too constraining. An IdM user authenticating to Red Hat Enterprise Linux 6.5 can be assigned the too-constraining SELinux user, in which case a login through a graphical session would always fail. To work around this problem, change the too-constraining default SELinux user in the IdM server from guest_u:s0 to a more relaxed value, unconfined_u:s0-s0:c0.c1023: `kinit admin`; `ipa config-mod --ipaselinuxusermapdefault=unconfined_u:s0-s0:c0.c1023`. An unconfined SELinux user will now be assigned to the IdM user by default, which will allow the user to successfully authenticate through the graphical interface. |
| | | Doc Type | Bug Fix | Known Issue |