26.2. Configuration Examples
26.2.1. Mapping SELinux users to IdM users
The following procedure shows how to create a new SELinux mapping and how to add a new IdM user to this mapping.
Procedure 26.1. How to Add a User to an SELinux Mapping
- To create a new SELinux mapping, enter the following command where
SELinux_mapping
is the name of the new SELinux mapping and the--selinuxuser
option specifies a particular SELinux user:~]$
ipa selinuxusermap-add SELinux_mapping --selinuxuser=staff_u:s0-s0:c0.c1023
- Enter the following command to add an IdM user with the
tuser
user name to the SELinux mapping:~]$
ipa selinuxusermap-add-user --users=tuser SELinux_mapping
- To add a new host named
ipaclient.example.com
to the SELinux mapping, enter the following command:~]$
ipa selinuxusermap-add-host --hosts=ipaclient.example.com SELinux_mapping
- The
tuser
user gets thestaff_u:s0-s0:c0.c1023
label when logged in to the ipaclient.example.com host:[tuser@ipa-client]$
id -Z
staff_u:staff_r:staff_t:s0-s0:c0.c1023