URL: https://github.com/freeipa/freeipa/pull/1845 Author: rcritten Title: #1845: Allow dot as a valid character in an selinux identity name Action: opened
PR body: """ Both of these are legal: unconfined_u and unconfined.u https://pagure.io/freeipa/issue/7510 Signed-off-by: Rob Crittenden <[email protected]> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1845/head:pr1845 git checkout pr1845
From 72b5c15262194c3e653d1067f31eccf97436e58d Mon Sep 17 00:00:00 2001 From: Rob Crittenden <[email protected]> Date: Mon, 23 Apr 2018 15:06:49 -0400 Subject: [PATCH] Allow dot as a valid character in an selinux identity name Both of these are legal: unconfined_u and unconfined.u https://pagure.io/freeipa/issue/7510 Signed-off-by: Rob Crittenden <[email protected]> --- ipaserver/plugins/selinuxusermap.py | 6 +++--- ipatests/test_xmlrpc/test_selinuxusermap_plugin.py | 8 +++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ipaserver/plugins/selinuxusermap.py b/ipaserver/plugins/selinuxusermap.py index 2fad418493..2886f35360 100644 --- a/ipaserver/plugins/selinuxusermap.py +++ b/ipaserver/plugins/selinuxusermap.py @@ -92,7 +92,7 @@ def validate_selinuxuser(ugettext, user): """ An SELinux user has 3 components: user:MLS:MCS. user and MLS are required. user traditionally ends with _u but this is not mandatory. - The regex is ^[a-zA-Z][a-zA-Z_]* + The regex is ^[a-zA-Z][a-zA-Z_\.]* The MLS part can only be: Level: s[0-15](-s[0-15]) @@ -103,7 +103,7 @@ def validate_selinuxuser(ugettext, user): Returns a message on invalid, returns nothing on valid. """ - regex_name = re.compile(r'^[a-zA-Z][a-zA-Z_]*$') + regex_name = re.compile(r'^[a-zA-Z][a-zA-Z_\.]*$') regex_mls = re.compile(r'^s[0-9][1-5]{0,1}(-s[0-9][1-5]{0,1}){0,1}$') regex_mcs = re.compile(r'^c(\d+)([.,-]c(\d+))*?$') @@ -112,7 +112,7 @@ def validate_selinuxuser(ugettext, user): (name, mls, mcs, _ignore) = (user + ':::').split(':', 3) if not regex_name.match(name): - return _('Invalid SELinux user name, only a-Z and _ are allowed') + return _('Invalid SELinux user name, only a-Z, _ and . are allowed') if not mls or not regex_mls.match(mls): return _('Invalid MLS value, must match s[0-15](-s[0-15])') m = regex_mcs.match(mcs) diff --git a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py index 18fcebfdb7..6b703c6021 100644 
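Review bot: The new `regex_name` pattern in the second hunk of ipaserver/plugins/selinuxusermap.py is still anchored with `$`, which in Python also matches just before a trailing newline, so `regex_name.match(name)` accepts a name that ends in a newline character. Anchoring with `\Z` closes that, and the backslash before the dot is unnecessary inside a character class: `regex_name = re.compile(r'^[a-zA-Z][a-zA-Z_.]*\Z')`, with the docstring line in the first hunk reading `The regex is ^[a-zA-Z][a-zA-Z_.]*`. Whether a newline can reach this validator depends on parameter handling that is not visible here, so this is hardening rather than a confirmed bypass. validate_selinuxuser begins before and continues after the visible hunks.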
--- a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py +++ b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py @@ -620,9 +620,11 @@ class test_selinuxusermap(Declarative): command=( 'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'bad+user') ), - expected=errors.ValidationError(name='selinuxuser', - error=u'Invalid SELinux user name, only a-Z and _ are allowed' - ), + expected=errors.ValidationError( + name='selinuxuser', + error=u'Invalid SELinux user name, only a-Z, _ ' + 'and . are allowed' + ), ),
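Review bot: No test in this hunk exercises the newly accepted input: the only change is to the expected message for the rejected value `bad+user`, so a later edit that drops the dot from the pattern again would not fail any visible test. A positive case in the same declarative style, using something like `dict(ipaselinuxuser=u'unconfined.u:s0')` (value constructed for illustration), would pin the new behaviour. A negative case with a leading dot would also confirm that the first character must still be a letter. The enclosing test list in test_selinuxusermap starts before and continues past this hunk.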
