Sytax check should throw proper error message when selinuxuser MCS value is not in c0.c1023 range as described in http://freeipa.org/page/SELinux_user_mapping#SELinux_user_syntax
The following example should error out during syntax check since only c0.c1023 is the allowed range. Anything above c0.c1023 or c0-c1023 should result in a proper error message.
# ipa selinuxusermap-add --selinuxuser=test_u:s0-s0:c0.c2048 testselinuxusermap_syntaxcheck2 ipa: ERROR: SELinux user test_u:s0-s0:c0.c2048 not found in ordering list (in config) # ipa selinuxusermap-add --selinuxuser=test_u:s0-s0:c0-c1024 testselinuxusermap_syntaxcheck2 ipa: ERROR: SELinux user test_u:s0-s0:c0-c1024 not found in ordering list (in config)
The error message in the following example with MCS value c0.a1023 is as expected:
# ipa selinuxusermap-add --selinuxuser=test_u:s0-s0:c0.a1023 testselinuxusermap_syntaxcheck2 ipa: ERROR: invalid 'selinuxuser': Invalid MCS value, must match c[0-1023].c[0-1023] and/or c[0-1023]-c[0-c0123]
master: 785e80c[[BR]] ipa-3-0: 7094b28
Moving closed RC1 tickets to Beta 3.
Metadata Update from @aakkiang: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.0 Beta 3
Login to comment on this ticket.