Red Hat Bugzilla – Bug 893850
Unable to update permissions for "Add Automount Keys"
Last modified: 2015-03-05 05:08:54 EST
Description of problem:

In 6.3:

    # ipa permission-mod "Add Automount Keys" --permissions=add,write --attrs=
    ----------------------------------------
    Modified permission "Add Automount Keys"
    ----------------------------------------
      Permission name: Add Automount keys
      Permissions: add, write
      Subtree: ldap:///automountkey=*,automountmapname=*,cn=automount,dc=testrelm,dc=com
      Granted to Privilege: Automount Administrators

In 6.4:

    # ipa permission-mod "Add Automount Keys" --permissions=add,write --attrs=
    ipa: ERROR: invalid 'target': type, filter, subtree and targetgroup are mutually exclusive

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-19.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. ipa permission-mod "Add Automount Keys" --permissions=add,write --attrs=

Actual results:
ipa: ERROR: invalid 'target': type, filter, subtree and targetgroup are mutually exclusive

Expected results:
be able to modify permissions successfully

Additional info:
I do not think this is a regression. The problem here is that this permission in RHEL 6.4 is different and now has both `subtree' and `filter' parts:

RHEL 6.3:

    # ipa permission-show "Add Automount Keys"
      Permission name: Add Automount keys
      Permissions: add
    >>Subtree: ldap:///automountkey=*,automountmapname=*,cn=automount,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
      Granted to Privilege: Automount Administrators

RHEL 6.4:

    # ipa permission-show "Add Automount Keys"
      Permission name: Add Automount keys
      Permissions: add
    >>Filter: (objectclass=automount)
    >>Subtree: ldap:///automountmapname=*,cn=automount,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
      Granted to Privilege: Automount Administrators
      Indirect Member of roles: IT Specialist

These 2 fields collide and prevent modification of the entry. If the RHEL 6.3 permission had a filter too, it would also raise this error:

    # ipa permission-mod "Add Automount Keys" --filter '(objectclass=automount)'
    ipa: ERROR: invalid 'target': type, filter, subtree and targetgroup are mutually exclusive

There is a logged RFE to fix this behavior (Bug 788645).
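The collision described in the comment above can be checked across entries by parsing `ipa permission-show` style output and flagging any permission that carries more than one target kind. This is an added example, not part of the original comment and not FreeIPA code; the sample text is constructed, and the "Type" and "Target group" labels are assumptions, since only "Filter" and "Subtree" appear on this page.

```python
import re

# "Filter" and "Subtree" are the labels shown in the comment above.
# "Type" and "Target group" are assumed labels for the other two targets.
TARGET_LABELS = {
    "Filter": "filter",
    "Subtree": "subtree",
    "Type": "type",                  # assumed label
    "Target group": "targetgroup",   # assumed label
}

# "  Label: value", optionally prefixed by the ">>" markers used above.
FIELD_RE = re.compile(r"^\s*(?:>>)?\s*([^:]+?):\s*(.*)$")

def parse_permissions(text):
    """Split permission-show style output into one dict per permission."""
    entries, current = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        label, value = m.group(1), m.group(2)
        if label == "Permission name":
            current = {"name": value, "targets": {}}
            entries.append(current)
        elif current is not None and label in TARGET_LABELS:
            current["targets"][TARGET_LABELS[label]] = value
    return entries

def conflicting(entries):
    """Return {name: [target kinds]} for entries with more than one kind."""
    return {e["name"]: sorted(e["targets"])
            for e in entries if len(e["targets"]) > 1}

# Constructed sample modelled on the two outputs quoted above; the names
# are suffixed so the entries can be told apart.
SAMPLE = """\
  Permission name: Add Automount keys (6.3)
  Permissions: add
  Subtree: ldap:///automountkey=*,automountmapname=*,cn=automount,dc=example,dc=com

  Permission name: Add Automount keys (6.4)
  Permissions: add
  Filter: (objectclass=automount)
  Subtree: ldap:///automountmapname=*,cn=automount,dc=example,dc=com
"""

if __name__ == "__main__":
    for name, kinds in conflicting(parse_permissions(SAMPLE)).items():
        print(f"{name}: {', '.join(kinds)}")
```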
So is this not a bug? Does it require some kind of release note?
It is a bug, but it has always been there (though not reproducing for this particular permission (Add Automount Keys)). I would personally simply just move this bug to RHEL-7 as the RFE that would fix it is also scheduled for RHEL-7. I am linking this Bugzilla to the upstream ticket: https://fedorahosted.org/freeipa/ticket/2355
*** Bug 894378 has been marked as a duplicate of this bug. ***
Fixed upstream as a part of permission plugin refactoring (https://fedorahosted.org/freeipa/ticket/4034):

423bb38965ce361c3a4d373ddc03008842f110ac Test adding noaci/system permissions to privileges
d38748d64f5c7fb098b839b3c00a1f812d510d3b Make sure SYSTEM permissions can be retreived with --all --raw
7fc35ced1d83d9901f4a1bf59482c3c4666d6079 permission plugin: Ensure ipapermlocation (subtree) always exists
53caa7aca21b097e1ca975c1c4b4e7038558bc9b Roll back ACI changes on failed permission updates
f47669a5b969a512756a39f451f04ed9c95ce3ab Verify ACIs are added correctly in tests
d7ee87cfa1e288fe18dc2dbeb2d691753048f4db Rewrite the Permission plugin
445634d6ac39669cc007871861e19e15ae22c12d Add new permission schema
8ddb5da1eab910d5dd6eb13696bb6092e979d5a1 Add tests for permission plugin with older clients
a1236b654200ba79ba0074ca88ff5972802fed56 Allow Declarative test classes to specify the API version
a8ba5e0ef9fa92fb465aab8c25947f5717f4b3cb Allow sets for initialization of frozenset-typed Param keywords
In 7.1, "Add Automount Keys" is now a Managed Permission, and is named "System: Add Automount Keys".

From http://www.freeipa.org/page/V4/Managed_Read_permissions, these Managed permissions cannot be modified.

    # ipa permission-mod "System: Add Automount Keys" --permissions=add --permissions=write --attrs=
    ipa: ERROR: invalid 'ipapermright': not modifiable on managed permissions
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html