Restore SELinux context during IPA client uninstallation

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2023-09-12 20:07:54 +03:00 · 2023-09-12 20:07:54 +03:00 · 2aa5a94633
commit 2aa5a94633
parent f52df9fbd5
2 changed files with 34 additions and 1 deletions
--- a/0001-Restore-selinux-states-if-they-exist-at-uninstall-ti.patch
+++ b/0001-Restore-selinux-states-if-they-exist-at-uninstall-ti.patch
@ -0,0 +1,28 @@
+From 499f1e3e996aadbd4f26a90db81a0b1b68b61c57 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Tue, 12 Sep 2023 17:07:52 +0300
+Subject: [PATCH] Restore selinux states if they exist at uninstall time
+
+Related: https://pagure.io/freeipa/issue/9434
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ ipaclient/install/client.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
+index 1aaa4ed60..01a5f2339 100644
+--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
+@@ -3624,7 +3624,7 @@ def uninstall(options):
+                 "Failed to disable automatic startup of the SSSD daemon: %s",
+                 e)
+ 
+-    if was_sssd_installed and selinux_works:
+    if statestore.has_state('selinux'):
+         # Restore SELinux boolean states
+         boolean_states = {name: statestore.restore_state('selinux', name)
+                           for name in constants.SELINUX_BOOLEAN_SSSD}
+-- 
+2.41.0
+
--- a/freeipa.spec
+++ b/freeipa.spec
@ -223,7 +223,7 @@

 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        2%{?rc_version:.%rc_version}%{?dist}
+Release:        3%{?rc_version:.%rc_version}%{?dist}
 Summary:        The Identity, Policy and Audit system

 License:        GPL-3.0-or-later
@ -248,6 +248,7 @@ Source2:        gpgkey-0E63D716D76AC080A4A33513F40800B6298EB963.asc
 # product-name.png
 # RHEL spec file only: END: Change branding to IPA and Identity Management
 Patch0001:      0001-ipa-client-install-enable-SELinux-for-SSSD.patch
+Patch0002:      0001-Restore-selinux-states-if-they-exist-at-uninstall-ti.patch

 # RHEL spec file only: START
 %if %{NON_DEVELOPER_BUILD}
@ -1762,6 +1763,10 @@ fi
 %endif

 %changelog
+* Tue Sep 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-3.beta1
+- Restore properly SELinux context during IPA client uninstallation
+- Related: rhbz#2238474
+
 * Tue Sep 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-2.beta1
 - Set 'sssd_use_usb' SELinux boolean when enrolling IPA client
 - Resolves: rhbz#2238474