-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless - -Z is specified again.
MLS security is not supported as of this patch.
Also adds explicit build dependency on libselinux-devel - it is dragged in by krb5-devel currently, but I think the dependency should be listed since we directly use functions from libselinux to set homedir contexts.
Addresses: #230
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/31/2010 07:12 AM, Jakub Hrozek wrote:
Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again.
MLS security is not supported as of this patch.
Also adds explicit build dependency on libselinux-devel - it is dragged in by krb5-devel currently, but I think the dependency should be listed since we directly use functions from libselinux to set homedir contexts.
Addresses: #230
Patch 0001: Minor nitpick. While you're moving the code, could you please fix the whitespace errors in the selinux_file_context() description?
Patch 0002: - --without-semanage should be implicit if --without-selinux is set, unless you can convince me that there would ever be a platform that supported one without the other.
Please correct whitespace error in sss_useradd.8.xml
Otherwise, this looks fine.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/06/2010 02:47 PM, Stephen Gallagher wrote:
On 03/31/2010 07:12 AM, Jakub Hrozek wrote:
Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again.
MLS security is not supported as of this patch.
Also adds explicit build dependency on libselinux-devel - it is dragged in by krb5-devel currently, but I think the dependency should be listed since we directly use functions from libselinux to set homedir contexts.
Addresses: #230
Patch 0001: Minor nitpick. While you're moving the code, could you please fix the whitespace errors in the selinux_file_context() description?
Patch 0002: --without-semanage should be implicit if --without-selinux is set, unless you can convince me that there would ever be a platform that supported one without the other.
Please correct whitespace error in sss_useradd.8.xml
Otherwise, this looks fine.
One more issue: the sssd.spec.in needs to have BuildRequires: semanage-devel
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/06/2010 08:54 PM, Stephen Gallagher wrote:
On 04/06/2010 02:47 PM, Stephen Gallagher wrote:
On 03/31/2010 07:12 AM, Jakub Hrozek wrote:
Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again.
MLS security is not supported as of this patch.
Also adds explicit build dependency on libselinux-devel - it is dragged in by krb5-devel currently, but I think the dependency should be listed since we directly use functions from libselinux to set homedir contexts.
Addresses: #230
Patch 0001: Minor nitpick. While you're moving the code, could you please fix the whitespace errors in the selinux_file_context() description?
Patch 0002: --without-semanage should be implicit if --without-selinux is set, unless you can convince me that there would ever be a platform that supported one without the other.
Please correct whitespace error in sss_useradd.8.xml
Otherwise, this looks fine.
One more issue: the sssd.spec.in needs to have BuildRequires: semanage-devel
Thanks for the review, attached are new patches.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/07/2010 07:30 AM, Jakub Hrozek wrote:
On 04/06/2010 08:54 PM, Stephen Gallagher wrote:
On 04/06/2010 02:47 PM, Stephen Gallagher wrote:
On 03/31/2010 07:12 AM, Jakub Hrozek wrote:
Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again.
MLS security is not supported as of this patch.
Also adds explicit build dependency on libselinux-devel - it is dragged in by krb5-devel currently, but I think the dependency should be listed since we directly use functions from libselinux to set homedir contexts.
Addresses: #230
Patch 0001: Minor nitpick. While you're moving the code, could you please fix the whitespace errors in the selinux_file_context() description?
Patch 0002: --without-semanage should be implicit if --without-selinux is set, unless you can convince me that there would ever be a platform that supported one without the other.
Please correct whitespace error in sss_useradd.8.xml
Otherwise, this looks fine.
One more issue: the sssd.spec.in needs to have BuildRequires: semanage-devel
Thanks for the review, attached are new patches.
Ack. I fixed the whitespace issues in the first patch as well. Attaching for posterity.
I'm not pushing this upstream immediately, as there is a bug in the latest version of libsemanage that this patch revealed.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/07/2010 03:17 PM, Stephen Gallagher wrote:
I'm not pushing this upstream immediately, as there is a bug in the latest version of libsemanage that this patch revealed.
This should be fixed as of libsemanage-2.0.45-3.fc14 (http://koji.fedoraproject.org/koji/buildinfo?buildID=165881)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/07/2010 09:17 AM, Stephen Gallagher wrote:
On 04/07/2010 07:30 AM, Jakub Hrozek wrote:
On 04/06/2010 08:54 PM, Stephen Gallagher wrote:
On 04/06/2010 02:47 PM, Stephen Gallagher wrote:
On 03/31/2010 07:12 AM, Jakub Hrozek wrote:
Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again.
MLS security is not supported as of this patch.
Also adds explicit build dependency on libselinux-devel - it is dragged in by krb5-devel currently, but I think the dependency should be listed since we directly use functions from libselinux to set homedir contexts.
Addresses: #230
Patch 0001: Minor nitpick. While you're moving the code, could you please fix the whitespace errors in the selinux_file_context() description?
Patch 0002: --without-semanage should be implicit if --without-selinux is set, unless you can convince me that there would ever be a platform that supported one without the other.
Please correct whitespace error in sss_useradd.8.xml
Otherwise, this looks fine.
One more issue: the sssd.spec.in needs to have BuildRequires: semanage-devel
Thanks for the review, attached are new patches.
Ack. I fixed the whitespace issues in the first patch as well. Attaching for posterity.
I'm not pushing this upstream immediately, as there is a bug in the latest version of libsemanage that this patch revealed.
Pushed both patches to master. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
sssd-devel@lists.fedorahosted.org