|
|
f65af0 |
From 463e5e73a27bb31e3549c9204efe20555b7cb8dd Mon Sep 17 00:00:00 2001
|
|
|
f65af0 |
From: Rob Crittenden <rcritten@redhat.com>
|
|
|
f65af0 |
Date: Fri, 1 Jun 2018 15:19:35 -0400
|
|
|
f65af0 |
Subject: [PATCH] Use replace instead of add to set new default
|
|
|
f65af0 |
ipaSELinuxUserMapOrder
|
|
|
f65af0 |
|
|
|
f65af0 |
The add was in effect replacing whatever data was already there
|
|
|
f65af0 |
causing any custom order to be lost on each run of
|
|
|
f65af0 |
ipa-server-upgrade.
|
|
|
f65af0 |
|
|
|
f65af0 |
https://pagure.io/freeipa/issue/6610
|
|
|
f65af0 |
|
|
|
f65af0 |
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
|
|
f65af0 |
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
|
|
f65af0 |
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
|
|
f65af0 |
---
|
|
|
f65af0 |
install/updates/50-ipaconfig.update | 2 +-
|
|
|
f65af0 |
ipatests/test_integration/test_commands.py | 48 ++++++++++++++++++++++++++++++
|
|
|
f65af0 |
2 files changed, 49 insertions(+), 1 deletion(-)
|
|
|
f65af0 |
create mode 100644 ipatests/test_integration/test_commands.py
|
|
|
f65af0 |
|
|
|
f65af0 |
diff --git a/install/updates/50-ipaconfig.update b/install/updates/50-ipaconfig.update
|
|
|
f65af0 |
index 23d2919dbd976c34d9217fc31cca88a0df6c7f5b..18501cb7b8a87377a76bc53b7fe3c469c23e2d41 100644
|
|
|
f65af0 |
--- a/install/updates/50-ipaconfig.update
|
|
|
f65af0 |
+++ b/install/updates/50-ipaconfig.update
|
|
|
f65af0 |
@@ -1,5 +1,5 @@
|
|
|
f65af0 |
dn: cn=ipaConfig,cn=etc,$SUFFIX
|
|
|
f65af0 |
-add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
|
|
|
f65af0 |
+replace: ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023::ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
|
|
|
f65af0 |
add:ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
|
|
|
f65af0 |
add:ipaUserObjectClasses: ipasshuser
|
|
|
f65af0 |
remove:ipaConfigString:AllowLMhash
|
|
|
f65af0 |
diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
|
|
|
f65af0 |
new file mode 100644
|
|
|
f65af0 |
index 0000000000000000000000000000000000000000..b2c0d5c710c9810cfd74216983f793808f4cf3c4
|
|
|
f65af0 |
--- /dev/null
|
|
|
f65af0 |
+++ b/ipatests/test_integration/test_commands.py
|
|
|
f65af0 |
@@ -0,0 +1,48 @@
|
|
|
f65af0 |
+#
|
|
|
f65af0 |
+# Copyright (C) 2018 FreeIPA Contributors see COPYING for license
|
|
|
f65af0 |
+#
|
|
|
f65af0 |
+"""Misc test for 'ipa' CLI regressions
|
|
|
f65af0 |
+"""
|
|
|
f65af0 |
+from __future__ import absolute_import
|
|
|
f65af0 |
+
|
|
|
f65af0 |
+from ipatests.test_integration.base import IntegrationTest
|
|
|
f65af0 |
+
|
|
|
f65af0 |
+
|
|
|
f65af0 |
+class TestIPACommand(IntegrationTest):
|
|
|
f65af0 |
+ """
|
|
|
f65af0 |
+ A lot of commands can be executed against a single IPA installation
|
|
|
f65af0 |
+ so provide a generic class to execute one-off commands that need to be
|
|
|
f65af0 |
+ tested without having to fire up a full server to run one command.
|
|
|
f65af0 |
+ """
|
|
|
f65af0 |
+ topology = 'line'
|
|
|
f65af0 |
+
|
|
|
f65af0 |
+ def test_change_selinuxusermaporder(self):
|
|
|
f65af0 |
+ """
|
|
|
f65af0 |
+ An update file meant to ensure a more sane default was
|
|
|
f65af0 |
+ overriding any customization done to the order.
|
|
|
f65af0 |
+ """
|
|
|
f65af0 |
+ maporder = "unconfined_u:s0-s0:c0.c1023"
|
|
|
f65af0 |
+
|
|
|
f65af0 |
+ # set a new default
|
|
|
f65af0 |
+ result = self.master.run_command(
|
|
|
f65af0 |
+ ["ipa", "config-mod",
|
|
|
f65af0 |
+ "--ipaselinuxusermaporder={}".format(maporder)],
|
|
|
f65af0 |
+ raiseonerr=False
|
|
|
f65af0 |
+ )
|
|
|
f65af0 |
+ assert result.returncode == 0
|
|
|
f65af0 |
+
|
|
|
f65af0 |
+ # apply the update
|
|
|
f65af0 |
+ result = self.master.run_command(
|
|
|
f65af0 |
+ ["ipa-server-upgrade"],
|
|
|
f65af0 |
+ raiseonerr=False
|
|
|
f65af0 |
+ )
|
|
|
f65af0 |
+ assert result.returncode == 0
|
|
|
f65af0 |
+
|
|
|
f65af0 |
+ # ensure result is the same
|
|
|
f65af0 |
+ result = self.master.run_command(
|
|
|
f65af0 |
+ ["ipa", "config-show"],
|
|
|
f65af0 |
+ raiseonerr=False
|
|
|
f65af0 |
+ )
|
|
|
f65af0 |
+ assert result.returncode == 0
|
|
|
f65af0 |
+ assert "SELinux user map order: {}".format(
|
|
|
f65af0 |
+ maporder) in result.stdout_text
|
|
|
f65af0 |
--
|
|
|
f65af0 |
2.14.4
|
|
|
f65af0 |
|