Bug 1594245
| Summary: | [RFE] sysadm_r should be included in default SELinux user map order | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Luc de Louw <ldelouw> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 7.7-Alt | CC: | afarley, cheimes, frenaud, ndehadra, pasik, pvoborni, rcritten, tscherf |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | ipa-4.6.5-2.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 1658303 | Environment: | |
| Last Closed: | 2019-08-06 13:09:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1658303 | | |

Description
Luc de Louw
2018-06-22 12:45:24 UTC
I think you need a stronger case on WHY this needs to be added, not just that it would be more convenient.

In all likelihood, if this were added, it would apply to new installs only.

(In reply to Rob Crittenden from comment #3)
> I think you need a stronger case on WHY this needs to be added, not just
> that it would be more convenient.

It is a standard SELinux user role included in RHEL (like user_r, staff_r, guest_r) and used quite often.

> In all likelihood, if this were added, it would apply to new installs only.

That is IMHO okay, those users who want to make use of this probably already figured out how to enable sysadm_r

Thanks,
Luc

Upstream ticket:
https://pagure.io/freeipa/issue/7658

Fixed upstream
ipa-4-7:
https://pagure.io/freeipa/c/1853e2ecd6b5cbe389507a8c3fc751deaf512bb6
master:
https://pagure.io/freeipa/c/044ffe0dd0b542e9b8310c67669285c66153c916

Fixed upstream
ipa-4-6:
https://pagure.io/freeipa/c/c742ff13c910d8156d06a944caba84e0b83bb3c6

IPA version: ipa-server-4.6.5-8.el7.x86_64

Verified the bug on the basis of following observations:

1. Verified the error mentioned in description is no more observed and command 'selinuxusermap-add' is successful while using context 'sysadm_u:s0-s0:c0.c1023'.

```
[root@kvm-01-guest02 ~]# ipa selinuxusermap-add --selinuxuser='sysadm_u:s0-s0:c0.c1023' mapname
--------------------------------
Added SELinux User Map "mapname"
--------------------------------
  Rule name: mapname
  SELinux User: sysadm_u:s0-s0:c0.c1023
  Enabled: TRUE

[root@kvm-01-guest02 ~]# ipa selinuxusermap-add --selinuxuser='sysadm_u:s0-s0:c0.c1023' sysadmins
----------------------------------
Added SELinux User Map "sysadmins"
----------------------------------
  Rule name: sysadmins
  SELinux User: sysadm_u:s0-s0:c0.c1023
  Enabled: TRUE
```

Thus on basis of above observations, marking status of bug to 'VERIFIED'.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2241