From 45879303cf05bab27e6a95bc84a97db9ef3ccacd Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 29 Sep 2020 14:04:30 +0300
Subject: [PATCH] Properly handle upgrade when systemd-resolved is enabled

---
 ....8.10-systemd-resolved-selinux-fixes.patch | 36 +++++++++++++++++++
 freeipa.spec                                  |  6 +++-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 freeipa-4.8.10-systemd-resolved-selinux-fixes.patch

diff --git a/freeipa-4.8.10-systemd-resolved-selinux-fixes.patch b/freeipa-4.8.10-systemd-resolved-selinux-fixes.patch
new file mode 100644
index 0000000..e629a5d
--- /dev/null
+++ b/freeipa-4.8.10-systemd-resolved-selinux-fixes.patch
@@ -0,0 +1,36 @@
+From 8b2002cc7e2e0400e1afa3a21963a22947c7a908 Mon Sep 17 00:00:00 2001
+From: Christian Heimes <cheimes@redhat.com>
+Date: Tue, 29 Sep 2020 10:39:01 +0200
+Subject: [PATCH] configure_dns_resolver: call self.restore_context
+
+Use the platform implementation of restore_context() instead of the base
+implementation.
+
+Fixes: https://pagure.io/freeipa/issue/8518
+Signed-off-by: Christian Heimes <cheimes@redhat.com>
+---
+ ipaplatform/base/tasks.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
+index adf320b700..4387e0e12f 100644
+--- a/ipaplatform/base/tasks.py
++++ b/ipaplatform/base/tasks.py
+@@ -340,7 +340,7 @@ def configure_dns_resolver(self, nameservers, searchdomains, *,
+                 os.mkdir(confd)
+                 # owned by root, readable by systemd-resolve user
+                 os.chmod(confd, 0o755)
+-                tasks.restore_context(confd, force=True)
++                self.restore_context(confd, force=True)
+ 
+             cfg = RESOLVE1_IPA_CONF.format(
+                 searchdomains=" ".join(searchdomains)
+@@ -349,7 +349,7 @@ def configure_dns_resolver(self, nameservers, searchdomains, *,
+                 os.fchmod(f.fileno(), 0o644)
+                 f.write(cfg)
+ 
+-            tasks.restore_context(
++            self.restore_context(
+                 paths.SYSTEMD_RESOLVED_IPA_CONF, force=True
+             )
+ 
diff --git a/freeipa.spec b/freeipa.spec
index 9b19c99..8e14a7b 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -161,7 +161,7 @@
 
 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 License:        GPLv3+
@@ -170,6 +170,7 @@ Source0:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz
 Source1:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.asc
 Patch0:         freeipa-4.8.10-systemd-resolved.patch
 Patch1:         freeipa-4.8.10-systemd-resolved-configuration.patch
+Patch2:         freeipa-4.8.10-systemd-resolved-selinux-fixes.patch
 
 # For the timestamp trick in patch application
 BuildRequires:  diffstat
@@ -1529,6 +1530,9 @@ fi
 %endif
 
 %changelog
+* Tue Sep 29 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.10-5
+- Properly handle upgrade case when systemd-resolved is enabled
+
 * Mon Sep 28 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.10-4
 - Fix permissions for /etc/systemd/resolved.conf.d/zzz-ipa.conf
 - Add NetworkManager and systemd-resolved configuration files to backup