URL: https://github.com/freeipa/freeipa/pull/4422
Author: abbra
Title: #4422: [Backport][ipa-4-8] selinux: disable ipa_custodia when installing custom policy
Action: opened

PR body:
"""
This PR was opened automatically because PR #4418 was pushed to master and backport to ipa-4-8 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4422/head:pr4422
git checkout pr4422

From 2f46ad9e6ee5b4be64af759a1595ec092c9ec7f5 Mon Sep 17 00:00:00 2001 From: Vit Mojzis <vmoj...@redhat.com> Date: Mon, 23 Mar 2020 18:22:41 +0100 Subject: [PATCH] selinux: disable ipa_custodia when installing custom policy Since ipa_custodia got integrated into ipa policy package, the upstream policy module needs to be disabled before ipa module installation (in order to be able to make changes to the ipa_custodia policy definitions). Upstream ipa module gets overridden automatically because of higher priority of the custom module, but there is no mechanism to automatically disable ipa_custodia. Related: https://pagure.io/freeipa/issue/6891 --- freeipa.spec.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index 7d716a1392..e05d6b1538 100755 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1032,11 +1032,13 @@ fi %selinux_relabel_pre -s %{selinuxtype} %post selinux +semodule -d ipa_custodia &> /dev/null || true; %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 %postun selinux if [ $1 -eq 0 ]; then %selinux_modules_uninstall -s %{selinuxtype} %{modulename} + semodule -e ipa_custodia &> /dev/null || true; fi %posttrans selinux
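
Review bot: In %post, `semodule -d ipa_custodia &> /dev/null || true;` discards both the command's output and its exit status, so a failure to disable the module would surface, if at all, only in the following %selinux_modules_install step; consider keeping stderr or at least noting in a comment why the failure is safe to ignore. `&>` is a bash-specific redirection; `>/dev/null 2>&1` behaves the same and stays correct if the scriptlet is ever run by a POSIX sh. In %postun, `semodule -e ipa_custodia` re-enables the module unconditionally on final removal, including on a system where an administrator had disabled it before this package was installed; if that is intended, a short comment in the spec saying so would help. The trailing `;` on both added lines is not needed.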