SSSD allows SELinux context for user to be set, however SELinux tools are not updated to reflect this(Bug887193)

Solution Unverified - Updated -

Issue

IPA server defaults to unconfined_u:s0-s0:c0.c1023 in RHEL 6.4, this is OK.

However, it unfortunately defaults to guest_u:s0 in RHEL 6.3 which makes RHEL 6.4 clients use that value. A quickfix for this issue is to modify the config default with:

ipa config-mod --ipaselinuxusermapdefault=unconfined_u:s0-s0:c0.c1023

But we will need to fix IPA in RHEL-6.3 and change the default to "unconfined_u:s0-s0:c0.c1023", either by z-stream or at least a release note.

https://bugzilla.redhat.com/show_bug.cgi?id=887193

Environment

  • Red Hat Enterprise Linux 6.4
  • IPA

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content