Blob Blame History Raw
From b4618d133f473b9bbc36f2a5e94b8b0f257ba3e0 Mon Sep 17 00:00:00 2001
From: Radovan Sroka <rsroka@redhat.com>
Date: Fri, 5 Aug 2022 14:49:30 +0200
Subject: [PATCH] Add mention that using of names requires name resolution

- using of user and group names as uid and gid attributes
  requires correct name resolution

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index d932e00..abc5eee 100644
--- a/README.md
+++ b/README.md
@@ -131,6 +131,12 @@ You can similarly do this for trusted users that have to execute things in
 the home dir. You can create a trusted_user group, add them the group,
 and then write a rule allowing them to execute from their home dir.
 
+When you want to use user or group name (as a string). You have to guarantee
+that these names were correctly resolved. In case of systemd, you need to add
+a new after target 'After=nss-user-lookup.target'.
+To achieve that you can use `systemctl edit --full fapolicyd`,
+uncomment the respective line and save the change.
+
 ```
 allow perm=any gid=trusted_user : ftype=%languages dir=/home
 deny_audit perm=any all : ftype=%languages dir=/home