SSSD allows SELinux context for user to be set, however SELinux tools are not updated to reflect this(Bug887193)

Solution Unverified - Updated -

Issue

IPA server defaults to unconfined_u:s0-s0:c0.c1023 in RHEL 6.4, this is OK.

However, it unfortunately defaults to guest_u:s0 in RHEL 6.3 which makes RHEL 6.4 clients use that value. A quickfix for this issue is to modify the config default with:

ipa config-mod --ipaselinuxusermapdefault=unconfined_u:s0-s0:c0.c1023

But we will need to fix IPA in RHEL-6.3 and change the default to "unconfined_u:s0-s0:c0.c1023", either by z-stream or at least a release note.

https://bugzilla.redhat.com/show_bug.cgi?id=887193

Environment

  • Red Hat Enterprise Linux 6.4
  • IPA

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.