From 2aa5a946335d9b95616bbb04d4be470bd25484df Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 12 Sep 2023 20:07:54 +0300
Subject: [PATCH] Restore SELinux context during IPA client uninstallation

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
 ...states-if-they-exist-at-uninstall-ti.patch | 28 +++++++++++++++++++
 freeipa.spec                                  |  7 ++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 0001-Restore-selinux-states-if-they-exist-at-uninstall-ti.patch

diff --git a/0001-Restore-selinux-states-if-they-exist-at-uninstall-ti.patch b/0001-Restore-selinux-states-if-they-exist-at-uninstall-ti.patch
new file mode 100644
index 0000000..3bd93d1
--- /dev/null
+++ b/0001-Restore-selinux-states-if-they-exist-at-uninstall-ti.patch
@@ -0,0 +1,28 @@
+From 499f1e3e996aadbd4f26a90db81a0b1b68b61c57 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Tue, 12 Sep 2023 17:07:52 +0300
+Subject: [PATCH] Restore selinux states if they exist at uninstall time
+
+Related: https://pagure.io/freeipa/issue/9434
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ ipaclient/install/client.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
+index 1aaa4ed60..01a5f2339 100644
+--- a/ipaclient/install/client.py
++++ b/ipaclient/install/client.py
+@@ -3624,7 +3624,7 @@ def uninstall(options):
+                 "Failed to disable automatic startup of the SSSD daemon: %s",
+                 e)
+ 
+-    if was_sssd_installed and selinux_works:
++    if statestore.has_state('selinux'):
+         # Restore SELinux boolean states
+         boolean_states = {name: statestore.restore_state('selinux', name)
+                           for name in constants.SELINUX_BOOLEAN_SSSD}
+-- 
+2.41.0
+
diff --git a/freeipa.spec b/freeipa.spec
index 6363417..db7ccf7 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -223,7 +223,7 @@
 
 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        2%{?rc_version:.%rc_version}%{?dist}
+Release:        3%{?rc_version:.%rc_version}%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 License:        GPL-3.0-or-later
@@ -248,6 +248,7 @@ Source2:        gpgkey-0E63D716D76AC080A4A33513F40800B6298EB963.asc
 # product-name.png
 # RHEL spec file only: END: Change branding to IPA and Identity Management
 Patch0001:      0001-ipa-client-install-enable-SELinux-for-SSSD.patch
+Patch0002:      0001-Restore-selinux-states-if-they-exist-at-uninstall-ti.patch
 
 # RHEL spec file only: START
 %if %{NON_DEVELOPER_BUILD}
@@ -1762,6 +1763,10 @@ fi
 %endif
 
 %changelog
+* Tue Sep 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-3.beta1
+- Restore properly SELinux context during IPA client uninstallation
+- Related: rhbz#2238474
+
 * Tue Sep 12 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-2.beta1
 - Set 'sssd_use_usb' SELinux boolean when enrolling IPA client
 - Resolves: rhbz#2238474