Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

26.2. Configuration Examples

26.2.1. Mapping SELinux users to IdM users

The following procedure shows how to create a new SELinux mapping and how to add a new IdM user to this mapping.

Procedure 26.1. How to Add a User to an SELinux Mapping

  1. To create a new SELinux mapping, enter the following command where SELinux_mapping is the name of the new SELinux mapping and the --selinuxuser option specifies a particular SELinux user:
    ~]$ ipa selinuxusermap-add SELinux_mapping --selinuxuser=staff_u:s0-s0:c0.c1023
  2. Enter the following command to add an IdM user with the tuser user name to the SELinux mapping:
    ~]$ ipa selinuxusermap-add-user --users=tuser SELinux_mapping
  3. To add a new host named ipaclient.example.com to the SELinux mapping, enter the following command:
    ~]$ ipa selinuxusermap-add-host --hosts=ipaclient.example.com SELinux_mapping
  4. The tuser user gets the staff_u:s0-s0:c0.c1023 label when logged in to the ipaclient.example.com host:
    [tuser@ipa-client]$ id -Z
    staff_u:staff_r:staff_t:s0-s0:c0.c1023