Josh wrote:
I have a situation where I need to support more than 1024 categories on a 
system.  I modified the file to check for the number of 
categories I need but ipa still responds with the original error message.  Do I 
need to restart any of the services?

Here is the command that was run and the output after applying the patch below:

ipa config-mod 
ipa: ERROR: invalid 'ipaselinuxusermaporder': SELinux user 
'staff_u:s0-s15:c0.c16383' is not valid: Invalid MCS value, must match 
c[0-1023].c[0-1023] and/or c[0-1023]-c[0-c0123]

Have you updated your SELinux policy to support a larger MCS range? If not then this will get you past the IPA validator but it won't work with SELinux. See semanage(8).



PS: This is the patch that was applied

--- /usr/lib/python2.6/site-packages/ipalib/plugins/  
2014-02-11 13:18:19.868574971 -0500
+++ /usr/lib/python2.6/site-packages/ipalib/plugins/   
2014-02-11 13:20:03.563127380 -0500
@@ -99,9 +99,9 @@ def validate_selinuxuser(ugettext, user)
      if not mls or not regex_mls.match(mls):
          return _('Invalid MLS value, must match s[0-15](-s[0-15])')
      m = regex_mcs.match(mcs)
-    if mcs and (not m or ( and (int( > 1023))):
-        return _('Invalid MCS value, must match c[0-1023].c[0-1023] '
-                 'and/or c[0-1023]-c[0-c0123]')
+    if mcs and (not m or ( and (int( > 16384))):
+        return _('Invalid MCS value, must match c[0-16384].c[0-16384] '
+                 'and/or c[0-16384]-c[0-16384]')
      return None

Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to