[Freeipa-devel] [PATCH] 903, 287 fix hbac rule/selinuxuser map search for non-admin users

Petr Vobornik pvoborni at redhat.com
Thu Jul 16 13:39:36 UTC 2015


On 07/16/2015 03:18 PM, Martin Basti wrote:
> On 14/07/15 18:50, Petr Vobornik wrote:
>> hbacrule has in its default attributes (which are used in search) the attribute
>> 'memberhostgroup'. This attr is not in ACI nor in schema. If the search
>> contains an attribute which can't be read then the search won't return
>> anything.
>>
>> Therefore all searches with filter set fail.
>>
>> Also I don't think this is a proper fix because any custom ACIs will
>> cause the bug again. Same issue in
>> https://fedorahosted.org/freeipa/ticket/5055
>>
>> https://fedorahosted.org/freeipa/ticket/5130
>>
>>
> ACK

Pushed to:
master: 2e80645ef21ff6dbcc1645caacda02e8aac8226a
ipa-4-2: 6ead80d9ba6b775a6df3ba76b4d717050311b762


>
> Patch that fixes the similar issue with selinuxusermap is attached.
>

ACK

Pushed to:
master: a0ce9e6b09f8e35284bc8c97bd63d1e019ca8142
ipa-4-2: c10de0aa91a5a10588aec56955f77bb636162efc
-- 
Petr Vobornik



