Blob Blame History Raw
From fb4c274f4857f2d652014b0189abafb1df4b001a Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 19 Jul 2022 12:18:18 -0400
Subject: [PATCH] Add documentation describing support for user/group names

---
 doc/fapolicyd.rules.5  | 6 +++---
 init/fapolicyd.service | 2 ++
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/doc/fapolicyd.rules.5 b/doc/fapolicyd.rules.5
index aa77177..3b8ec09 100644
--- a/doc/fapolicyd.rules.5
+++ b/doc/fapolicyd.rules.5
@@ -35,13 +35,13 @@ The subject is the process that is performing actions on system resources. The f
 This matches against any subject. When used, this must be the only subject in the rule.
 .TP
 .B auid
-This is the login uid that the audit system assigns users when they log in to the system. Daemons have a value of -1.
+This is the login uid that the audit system assigns users when they log in to the system. Daemons have a value of -1. The given value may be numeric or the account name.
 .TP
 .B uid
-This is the user id that the program is running under.
+This is the user id that the program is running under. The given value may be numeric or the account name.
 .TP
 .B gid
-This is the group id that the program is running under.
+This is the group id that the program is running under. The given value may be numeric or the group name.
 .TP
 .B sessionid
 This is the numeric session id that the audit system assigns to users when they log in. Daemons have a value of -1.
diff --git a/init/fapolicyd.service b/init/fapolicyd.service
index 715de98..a5a6a3f 100644
--- a/init/fapolicyd.service
+++ b/init/fapolicyd.service
@@ -11,6 +11,8 @@ PIDFile=/run/fapolicyd.pid
 ExecStartPre=/usr/sbin/fagenrules
 ExecStart=/usr/sbin/fapolicyd
 Restart=on-abnormal
+# Uncomment the following line if rules need user/group name lookup
+#After=nss-user-lookup.target
 
 [Install]
 WantedBy=multi-user.target
-- 
2.37.1