[Freeipa-devel] [PATCH] 903, 287 fix hbac rule/selinuxuser map search for non-admin users
Martin Basti
mbasti at redhat.com
Thu Jul 16 13:18:59 UTC 2015
On 14/07/15 18:50, Petr Vobornik wrote:
> hbacrule has it default attributes (which are used in search) attribute
> 'memberhostgroup'. This attr is not in ACI nor in schema. If the search
> contains an attribute which can't be read then the search won't return
> anything.
>
> Therefore all searches with filter set fail.
>
> Also I don't think this is a proper fix because any custom ACIs will
> cause the bug again. Same issue in
> https://fedorahosted.org/freeipa/ticket/5055
>
> https://fedorahosted.org/freeipa/ticket/5130
>
>
ACK
Patch that fixes the similar issue with selinuxusermap is attached.
--
Martin Basti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150716/71f7eff0/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0287-fix-selinuxusermap-search-for-non-admin-users.patch
Type: text/x-patch
Size: 1077 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150716/71f7eff0/attachment.bin>
More information about the Freeipa-devel
mailing list