URL: https://github.com/freeipa/freeipa/pull/2008 Author: rcritten Title: #2008: [Backport][ipa-4-6] Use replace instead of add to set new default ipaSELinuxUserMapOrder Action: opened
PR body: """ The add was in effect replacing whatever data was already there causing any custom order to be lost on each run of ipa-server-upgrade. https://pagure.io/freeipa/issue/6610 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> Reviewed-By: Florence Blanc-Renaud <fren...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2008/head:pr2008 git checkout pr2008
From e7a1f358f8cf47ab59eef310bc37e75b7a21f5f5 Mon Sep 17 00:00:00 2001 From: Rob Crittenden <rcrit...@redhat.com> Date: Fri, 1 Jun 2018 15:19:35 -0400 Subject: [PATCH] Use replace instead of add to set new default ipaSELinuxUserMapOrder The add was in effect replacing whatever data was already there causing any custom order to be lost on each run of ipa-server-upgrade. https://pagure.io/freeipa/issue/6610 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> Reviewed-By: Florence Blanc-Renaud <fren...@redhat.com> --- install/updates/50-ipaconfig.update | 2 +- ipatests/test_integration/test_commands.py | 56 ++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 ipatests/test_integration/test_commands.py diff --git a/install/updates/50-ipaconfig.update b/install/updates/50-ipaconfig.update index 23d2919dbd..18501cb7b8 100644 --- a/install/updates/50-ipaconfig.update +++ b/install/updates/50-ipaconfig.update @@ -1,5 +1,5 @@ dn: cn=ipaConfig,cn=etc,$SUFFIX -add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023 +replace: ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023::ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023 add:ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023 add:ipaUserObjectClasses: ipasshuser remove:ipaConfigString:AllowLMhash diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py new file mode 100644 index 0000000000..aaf4eafd03 --- /dev/null +++ b/ipatests/test_integration/test_commands.py @@ -0,0 +1,56 @@ +# +# Copyright (C) 2018 FreeIPA Contributors see COPYING for license +# +"""Misc test for 'ipa' CLI regressions +""" +from __future__ import absolute_import + +import base64 +import ssl +from tempfile import NamedTemporaryFile +import textwrap + +from ipaplatform.paths import paths + +from ipatests.test_integration.base import IntegrationTest +from ipatests.pytest_plugins.integration import tasks + + +class TestIPACommand(IntegrationTest): + """ + A lot of commands can be executed against a single IPA installation + so provide a generic class to execute one-off commands that need to be + tested without having to fire up a full server to run one command. + """ + topology = 'line' + + def test_change_selinuxusermaporder(self): + """ + An update file meant to ensure a more sane default was + overriding any customization done to the order. + """ + maporder = "unconfined_u:s0-s0:c0.c1023" + + # set a new default + result = self.master.run_command( + ["ipa", "config-mod", + "--ipaselinuxusermaporder={}".format(maporder)], + raiseonerr=False + ) + assert result.returncode == 0 + + # apply the update + result = self.master.run_command( + ["ipa-server-upgrade"], + raiseonerr=False + ) + assert result.returncode == 0 + + # ensure result is the same + result = self.master.run_command( + ["ipa", "config-show"], + raiseonerr=False + ) + assert result.returncode == 0 + assert "SELinux user map order: {}".format( + maporder) in result.stdout_text
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/MTAEXYXQZSLPWSRPVE56YO3AW4TBTINT/
