SSSD allows SELinux context for user to be set, however SELinux tools are not updated to reflect this(Bug887193)
Issue
IPA server defaults to unconfined_u:s0-s0:c0.c1023 in RHEL 6.4, this is OK.
However, it unfortunately defaults to guest_u:s0 in RHEL 6.3 which makes RHEL 6.4 clients use that value. A quickfix for this issue is to modify the config default with:
ipa config-mod --ipaselinuxusermapdefault=unconfined_u:s0-s0:c0.c1023
But we will need to fix IPA in RHEL-6.3 and change the default to "unconfined_u:s0-s0:c0.c1023", either by z-stream or at least a release note.
https://bugzilla.redhat.com/show_bug.cgi?id=887193
Environment
- Red Hat Enterprise Linux 6.4
- IPA
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
