From 785e80c4fc0804812a148977cf42ea1f626ecece Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 28 Aug 2012 17:14:28 -0400
Subject: Restrict the SELinux user map user MLS value to 0-1023

https://fedorahosted.org/freeipa/ticket/3001
---
 tests/test_xmlrpc/test_selinuxusermap_plugin.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'tests/test_xmlrpc')

diff --git a/tests/test_xmlrpc/test_selinuxusermap_plugin.py b/tests/test_xmlrpc/test_selinuxusermap_plugin.py
index 06ad751a..b4482941 100644
--- a/tests/test_xmlrpc/test_selinuxusermap_plugin.py
+++ b/tests/test_xmlrpc/test_selinuxusermap_plugin.py
@@ -643,6 +643,17 @@ class test_selinuxusermap(Declarative):
         ),
 
 
+        dict(
+            desc='Create rule with invalid MLS xguest_u:s0:c0.c1028',
+            command=(
+                'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'xguest_u:s0-s0:c0.c1028')
+            ),
+            expected=errors.ValidationError(name='selinuxuser',
+                error=u'Invalid MCS value, must match c[0-1023].c[0-1023] ' +
+                    u'and/or c[0-1023]-c[0-c0123]'),
+        ),
+
+
         dict(
             desc='Create rule with invalid user via setattr',
             command=(
-- 
cgit