[Freeipa-users] libsemanage updates fail due to AD user with space
Lukas Slebodnik
lslebodn at redhat.com
Tue Apr 4 07:44:04 UTC 2017
On (04/04/17 09:32), Lukas Slebodnik wrote:
>On (04/04/17 10:13), Lachlan Musicman wrote:
>>On 3 April 2017 at 19:11, Jakub Hrozek <jhrozek at redhat.com> wrote:
>>
>>> On Mon, Apr 03, 2017 at 11:00:21AM +1000, Lachlan Musicman wrote:
>>> >
>>> > With SSSD/IPA in use, in a one way trust to AD, and AD users have spaces
>>> in
>>> > their names, libsemanage fails to update:
>>> >
>>> > eg from recent monthly upgrade cycle:
>>> >
>>> > Updating :
>>> > selinux-policy-targeted-3.13.1-102.el7_3.16.noarch
>>> > 3/14
>>> > libsemanage.parse_assert_ch: expected character ':', but found 'f'
>>> > (/etc/selinux/targeted/tmp/seusers.local: 5):
>>> > lastname firstname at domain.com:unconfined_u:s0-s0:c0.c1023 (No such file
>>> or
>>> > directory).
>>> > libsemanage.seuser_parse: could not parse seuser record (No such file or
>>> > directory).
>>> > libsemanage.dbase_file_cache: could not cache file database (No such file
>>> > or directory).
>>> > libsemanage.semanage_base_merge_components: could not merge local
>>> > modifications into policy (No such file or directory).
>>> >
>>>
>>> Hi,
>>> according to my quick testing this is solved with this PR:
>>> https://github.com/SSSD/sssd/pull/189
>This patch will not help with spaces in name.
>
>it need to be fixed in selinux-policy or libsemanage.
>
It looks like it happen with each upgrade of selinux-policy.
I assume it might be some missing quoting in rpm bash scriptlet.
It should not be difficult to reproduce and file a bug.
Feel free to add to CC my mail.
LS
More information about the Freeipa-users
mailing list