Why am I a guest on Fedora 18?

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Tue Nov 13 19:37:59 UTC 2012


On 11/13/12 11:24, Rob Crittenden wrote:
> Erinn Looney-Triggs wrote:
>> On 11/13/12 11:05, Daniel J Walsh wrote:
>>> selinuxdefcon erinn system_u:system_r:xdm_t:s0-s0:c0.c1023
>>> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>>
>>
>> I am assuming you meant run this:
>> selinuxdefcon erinn system_u:system_r:xdm_t:s0-s0:c0.c1023
>>
>> Which in turn resulted in this:
>> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> 
> In F-18 you have a version of sssd that actually CAN do selinux user
> mapping.
> 
> Run ipa config-show and I'll bet the default SELinux user is guest_u.
> 
> Try this as an admin user:
> 
> $ ipa config-mod --ipaselinuxusermapdefault=unconfined_u:s0-s0:c0.c1023
> 
> Then try the login again.
> 
> rob

Rob,
Thanks, you are probably correct. Unfortunately, the CLI netted me a failure:
ipa config-show
ipa: ERROR: 2.44 client incompatible with 2.34 server at
u'https://ipa.foo.com/ipa/xml'

However, when run from RHEL systems it did indeed show what you expected.

I modified the default context to unconfined_u and after clearing the
sssd cache I logged back in as unconfined_u.

Thanks so much for the help in tracking that down,

-Erinn



