On (04/04/17 09:32), Lukas Slebodnik wrote: >On (04/04/17 10:13), Lachlan Musicman wrote: >>On 3 April 2017 at 19:11, Jakub Hrozek <jhro...@redhat.com> wrote: >> >>> On Mon, Apr 03, 2017 at 11:00:21AM +1000, Lachlan Musicman wrote: >>> > >>> > With SSSD/IPA in use, in a one way trust to AD, and AD users have spaces >>> in >>> > their names, libsemanage fails to update: >>> > >>> > eg from recent monthly upgrade cycle: >>> > >>> > Updating : >>> > selinux-policy-targeted-3.13.1-102.el7_3.16.noarch >>> > 3/14 >>> > libsemanage.parse_assert_ch: expected character ':', but found 'f' >>> > (/etc/selinux/targeted/tmp/seusers.local: 5): >>> > lastname firstn...@domain.com:unconfined_u:s0-s0:c0.c1023 (No such file >>> or >>> > directory). >>> > libsemanage.seuser_parse: could not parse seuser record (No such file or >>> > directory). >>> > libsemanage.dbase_file_cache: could not cache file database (No such file >>> > or directory). >>> > libsemanage.semanage_base_merge_components: could not merge local >>> > modifications into policy (No such file or directory). >>> > >>> >>> Hi, >>> according to my quick testing this is solved with this PR: >>> https://github.com/SSSD/sssd/pull/189 >This patch will not help with spaces in name. > >it need to be fixed in selinux-policy or libsemanage. >
It looks like it happen with each upgrade of selinux-policy. I assume it might be some missing quoting in rpm bash scriptlet. It should not be difficult to reproduce and file a bug. Feel free to add to CC my mail. LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project