Learn more about these different git repos.
Other Git URLs
Because we have no control over what SELinux context comes from the server, we may blindly put junk into the SELinux login file.
We could be a little more defensive and use security_canonicalize_context() to try and validate the context before writing it to the login file.
I discussed the validation with Dan Walsh and he recommended that we should not, however, act on the result in any way other than warning and we should pass the context on even when it does not validate and we should just let libselinux do the right thing.
Fields changed
summary: Validate the SELinux user context with => Validate the SELinux user context with security_canonicalize_context()
milestone: NEEDS_TRIAGE => SSSD 1.10 beta priority: major => minor rhbz: => todo
selected: => Not need
Moving tickets that are not a priority for SSSD 1.10 into the next release.
milestone: SSSD 1.10 beta => SSSD 1.11 beta
This could be done in libselinux probably. When we get to 1.13, we should work with dwalsh or mgrepl on making sure we're not duplicating code.
changelog: => design: => design_review: => 0 fedora_test_page: => review: => 0
mark: => 0
milestone: SSSD 1.13 beta => SSSD 1.13 backlog priority: minor => trivial
Mass-moving tickets not planned for any immediate release and re-setting priority.
milestone: SSSD 1.13 backlog => SSSD Deferred priority: trivial => major
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD Patches welcome
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Metadata Update from @pbrezina: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2592
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Log in to comment on this ticket.