On Fri, Jul 20, 2012 at 05:51:29PM +0200, Jan Zelený wrote: > Dne pátek 20 července 2012 17:46:33, Jakub Hrozek napsal(a): > > On Fri, Jul 20, 2012 at 05:27:44PM +0200, Jan Zelený wrote: > > > > Oh right, it's and HBAC attribute.. > > > > > > > > Can't you just include ipa_hbac_private.h, then? > > > > > > I didn't exactly like that solution either so I moved those two constants > > > to ipa_hbac.h which is supposed to be a public HBAC interface. The "right > > > solution" would be to construct a map for HBAC rules, I know we discussed > > > this with Stephen several months back but we never really got to do that. > > ipa_hbac.h is a public header of libipa_hbac, included in > > libipa_hbac-devel. The attribute names don't have to be in the public > > interface, I think that including the ipa_hbac_private.h header is just > > fine. > > Well, it's probably the best of bad options. Patches attached. > > Jan
Nack, these patches still don't work. Here is my setup: # ipa selinuxusermap-find --------------------------- 2 SELinux User Maps matched --------------------------- Rule name: test_all_user_all_hosts SELinux User: xguest_u:s0 User category: all Host category: all Enabled: TRUE Rule name: test_user_all_hosts SELinux User: user_u:s0-s0:c0.c1023 Host category: all Enabled: TRUE Users: tuser1 I'm logging in as tuser1, so I was expecting to get "user_u:s0-s0:c0.c1023", however neither of the maps match and I'm left with the default. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel