[PUP-3849] set_selinux_context needs parameter checks Created: 2015/01/14  Updated: 2020/03/04

Status: Accepted
Project: Puppet
Component/s: Types and Providers
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Normal
Reporter: Kylo Ginsberg Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: linux, platform-os, selinux, type_and_provider
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to PUP-3481 Regex problem with an SELinux context... Closed
Team: Night's Watch
QA Contact: Eric Thompson


Snippet from PR review

I'm more concerned abut the set_selinux_context() function, where the 'value' argument isn't being checked for whitespace or colons. At around line 97, if 'value' includes a colon, then when the context is split up based on the colons and joined back together again, the components in the context string will pushed to the left by the new colon added by 'value'. Puppet then gives a cryptic 'can't set the SELinux context' error instead of a better 'SELinux components can't include whitespace or colons' error.

Note when component is false, when value is the entire context replacement string, which can include whitespace in the MLS section will include colons between components, so any checks on value should be in the 'then' clause ~ line 88.

Generated at Sun Jul 12 23:17:41 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.