jhrozek/kcm-selinux

Project ID: 24848

Description

Description not filled in by author. Very likely personal repository for testing purpose, which you should not use.

Installation Instructions

install the packages: dnf -y install sssd-kcm

so far the contexts are only tracked when the ccaches are stored in KCM's memory simply because it was the easiest to implement. So open /etc/sssd/sssd.conf, add or edit the section [kcm] and add: ccache_storage = memory

restart the kcm service: systemctl restart sssd-kcm

you need to make sure that KCM is selected as the default ccache in /etc/krb5.conf (this is done by default with Fedora, but the file that configures this default ccache will be gone if you uninstall the fedora sssd-kcm package): [libdefaults] default_ccache_name = KCM:

Testing: add a confined user: useradd roletest semanage login -a -s staff_u -r roletest give this user a password: passwd roletest

log in as that user with some sevice that uses pam_selinux: ssh roletest@localhost you should be "staff_u:staff_r:staff_t:s0" now. kinit as the user, then change the role with "newrole -r sysadm_r". Run klist and you would be rejected.

Active Releases

The following unofficial repositories are provided as-is by owner of this project. Contact the owner directly for bugs or issues (IE: not bugzilla).

Release Architectures Repo Download

* Total number of packages downloaded in the last seven days.