Restrict the SELinux user map user MLS value to 0-1023

https://fedorahosted.org/freeipa/ticket/3001
2025-02-25 18:55:28 -06:00 · 2012-08-28 17:14:28 -04:00
parent 5e277a97a6
commit 785e80c4fc
2 changed files with 13 additions and 1 deletions
--- a/tests/test_xmlrpc/test_selinuxusermap_plugin.py
+++ b/tests/test_xmlrpc/test_selinuxusermap_plugin.py
@@ -643,6 +643,17 @@ class test_selinuxusermap(Declarative):
        ),


+        dict(
+            desc='Create rule with invalid MLS xguest_u:s0:c0.c1028',
+            command=(
+                'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'xguest_u:s0-s0:c0.c1028')
+            ),
+            expected=errors.ValidationError(name='selinuxuser',
+                error=u'Invalid MCS value, must match c[0-1023].c[0-1023] ' +
+                    u'and/or c[0-1023]-c[0-c0123]'),
+        ),
+
+
        dict(
            desc='Create rule with invalid user via setattr',
            command=(