mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
ac1ea0ec67
A previous refactoring of SELinux tests has have a wrong assumption about the user field separator within ipaSELinuxUserMapOrder. That was '$$', but should be just '$'. Actually, '.ldif' and '.update' files are passed through Python template string substitution: > $$ is an escape; it is replaced with a single $. > $identifier names a substitution placeholder matching > a mapping key of "identifier" This means that the text to be substituted on should not be escaped. The wrong ipaSELinuxUserMapOrder previously set will be replaced on upgrade. Fixes: https://pagure.io/freeipa/issue/7996 Fixes: https://pagure.io/freeipa/issue/8005 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
11 lines
906 B
Plaintext
11 lines
906 B
Plaintext
dn: cn=ipaConfig,cn=etc,$SUFFIX
|
|
replace: ipaSELinuxUserMapOrder: guest_u:s0$$$$xguest_u:s0$$$$user_u:s0$$$$staff_u:s0-s0:c0.c1023$$$$sysadm_u:s0-s0:c0.c1023$$$$unconfined_u:s0-s0:c0.c1023::$SELINUX_USERMAP_ORDER
|
|
replace: ipaSELinuxUserMapOrder: ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023::guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
|
|
replace: ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023::guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
|
|
add:ipaSELinuxUserMapDefault: $SELINUX_USERMAP_DEFAULT
|
|
add:ipaUserObjectClasses: ipasshuser
|
|
remove:ipaConfigString:AllowLMhash
|
|
add:objectClass: ipaUserAuthTypeClass
|
|
add:objectClass: ipaNameResolutionData
|
|
addifnew:ipamaxhostnamelength: 64
|