From b4618d133f473b9bbc36f2a5e94b8b0f257ba3e0 Mon Sep 17 00:00:00 2001

From: Radovan Sroka <rsroka@redhat.com>

Date: Fri, 5 Aug 2022 14:49:30 +0200

Subject: [PATCH] Add mention that using of names requires name resolution

- using of user and group names as uid and gid attributes

  requires correct name resolution

Signed-off-by: Radovan Sroka <rsroka@redhat.com>

---

 README.md | 6 ++++++

 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md

index d932e00..abc5eee 100644

--- a/README.md

+++ b/README.md

@@ -131,6 +131,12 @@ You can similarly do this for trusted users that have to execute things in

 the home dir. You can create a trusted_user group, add them the group,

 and then write a rule allowing them to execute from their home dir.

+When you want to use user or group name (as a string). You have to guarantee

+that these names were correctly resolved. In case of systemd, you need to add

+a new after target 'After=nss-user-lookup.target'.

+To achieve that you can use `systemctl edit --full fapolicyd`,

+uncomment the respective line and save the change.

+

 ```

 allow perm=any gid=trusted_user : ftype=%languages dir=/home

 deny_audit perm=any all : ftype=%languages dir=/home