Amir Alexander Abdelbaki
87b62f368b
policy-block-binary-<name> is now a FreeIPA *user* group instead of a host group, so restrictions follow the user to every enrolled machine. The PATH wrapper is installed on all hosts and checks group membership at runtime via id(1)/SSSD, passing non-members through transparently. __ in the group name decodes to . so Flatpak app IDs are supported (flatpak run fallback included). AppArmor layer removed since per-user confinement requires a different approach and the wrapper alone is sufficient. Adds local_sudo_<username> host group policy which writes a sudoers drop-in granting that user full sudo on the specific device, reverted on group leave. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| Desktop-Environments | ||
| FreeipaAnsible | ||
| optional-Modules | ||
| core-packages.sh | ||
| core.sh | ||
| package-managers.sh | ||
| shell-setup.sh | ||