policy-block-binary-<name> is now a FreeIPA *user* group instead of a host group, so restrictions follow the user to every enrolled machine. The PATH wrapper is installed on all hosts and checks group membership at runtime via id(1)/SSSD, passing non-members through transparently. `__` in the group name decodes to `.` so Flatpak app IDs are supported (flatpak run fallback included). AppArmor layer removed since per-user confinement requires a different approach and the wrapper alone is sufficient. Adds local_sudo_<username> host group policy which writes a sudoers drop-in granting that user full sudo on the specific device, reverted on group leave.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

| | | |
|---|---|---|
| archiso.md | ||
| editors.md | ||
| freeipa-ansible.md | ||
| hyprland.md | ||
| index.md | ||
| installation.md | ||
| modules.md | ||
| theming.md | ||
| utilities.md | ||