Jan Zelený <jzeleny(a)redhat.com> wrote:
Hi,
I'm sending all patches implementing support for SELinux user maps. Some
support patches are included as well.
#0001:
Implemented support for multiple search bases in HBAC rules and services.
As discussed before, this is not strictly needed, but I did it anyway to
unify the approach to multiple search bases. Just a reminder: the plan is
to use these structures and then limit the maximal number of search bases to 1
since there is no support in IPA server for more bases anyway.
#0002:
This fixes a minor regression brought by my previous patch which is already
pushed (multiple search bases in IPA hosts).
#0003:
Add generic routines to retrieve IPA configuration object. These routines
will be used in other parts of the code.
#0004:
Rewrite retrieval of password migration flag from IPA config to use the
previously implemented generic IPA config interface.
#0005:
Some sysdb netgroup attributes will be used in SELinux user maps. They will
also have the same semantics, therefore they should be renamed and then
re-used.
#0006:
Some sysdb routines for SELinux support. Please note that some routines are
written in a very generic way - I'd like to use them also elsewhere in the
current code, perhaps as a part of some sysdb refactoring.
#0007:
Utility functions for SELinux map matching against information about
current user and host.
#0008:
SELinux user maps support in IPA provider. Also generic data provider
related code is here. I'm considering splitting this patch in two or
three. Let me know your opinion.
#0009:
Responder support of SELinux user maps - retrieve all applicable maps from
sysdb and create content of the user mapping file
/etc/selinux/<policy>/logins/<username>
#0010:
Get the file content from PAM responder and write it to the file. I'm not
completely sure whether or not to implement some kind of locking to prevent
possible race conditions when reading/writing to this file.
Thanks in advance for the review. Any advice on how to improve the code will
be appreciated.
Jan
Patches rebased on top of current master.
Jan
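
On the locking question raised for #0010: one lock-free way to keep readers of /etc/selinux/<policy>/logins/<username> from seeing a half-written file is to write a temporary file in the same directory and rename() it into place. The following is an added example, not code from these patches; write_login_file(), name_is_safe() and the sample file content used to exercise it are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The file name comes from the user name, so refuse anything that could
 * resolve outside the logins directory. */
static int name_is_safe(const char *name)
{
    return name[0] != '\0' && strchr(name, '/') == NULL &&
           strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Atomically replace <dir>/<username> with content (hypothetical helper).
 * A concurrent reader sees either the old file or the complete new one.
 * Returns 0 on success, -1 on error with errno set. */
int write_login_file(const char *dir, const char *username, const char *content)
{
    char tmp[4096], dst[4096];
    size_t len = strlen(content), off = 0;
    int fd;

    if (!name_is_safe(username)) { errno = EINVAL; return -1; }
    if (snprintf(dst, sizeof(dst), "%s/%s", dir, username) >= (int)sizeof(dst) ||
        snprintf(tmp, sizeof(tmp), "%s/.tmpXXXXXX", dir) >= (int)sizeof(tmp)) {
        errno = ENAMETOOLONG; return -1;
    }
    fd = mkstemp(tmp);   /* exclusive create, mode 0600, unpredictable name */
    if (fd < 0) return -1;
    while (off < len) {
        ssize_t n = write(fd, content + off, len - off);
        if (n < 0) { if (errno == EINTR) continue; goto fail; }
        off += (size_t)n;
    }
    /* Make the file world-readable and flush it before it becomes visible. */
    if (fchmod(fd, 0644) < 0 || fsync(fd) < 0) goto fail;
    if (close(fd) < 0) { fd = -1; goto fail; }
    fd = -1;
    /* rename() is atomic because tmp and dst are in the same directory. */
    if (rename(tmp, dst) < 0) goto fail;
    return 0;
fail:
    { int saved = errno; if (fd >= 0) close(fd); unlink(tmp); errno = saved; }
    return -1;
}
```

Two writers racing on the same user still need ordering if the last write must win deterministically; the rename only guarantees that no reader observes a partial file.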