Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1562606
Description of problem: https://github.com/freeipa/freeipa/blob/beb6d74b81eae9965ddc031db1a3826c01d59d3 0/ipaserver/plugins/selinuxusermap.py#L104 The above code seems to do some "sanity" checks that forces one to use selinux user identities with only "aZ" and "_" The CIL selinux policy language leverages "name spaces" so would be nice if we can use that. Example: unconfined_u would be unconfined.u Do we need these sanity checks at all though? I would explect that libsemanage takes care of this for us? The mls checks also seem to assume that one has no more than 15 sensitivities. There is no hard limit to 15 in practice.
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1562606
Metadata Update from @rcritten: - Issue assigned to rcritten
https://github.com/freeipa/freeipa/pull/1845
master:
ipa-4-6:
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.