From 449e333dbf4c803bb179e7d27f08666fd6e333af Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Tue, 18 Nov 2014 10:40:31 +0100
Subject: [PATCH] Do not restore SELinux settings that were not backed up

https://fedorahosted.org/freeipa/ticket/4678

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
---
 ipaplatform/base/tasks.py   | 3 ++-
 ipaplatform/redhat/tasks.py | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index a6684d7653d6de8202a489edb1f7a38f4b344bbc..ab2c50332bce9f6eb95e2cb76aa6f7904b542765 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -146,7 +146,8 @@ class BaseTaskNamespace(object):
 
         :param required_settings: A dictionary mapping the boolean names
                                   to desired_values.
-                                  The desired value can be 'on' or 'off'.
+                                  The desired value can be 'on' or 'off',
+                                  or None to leave the setting unchanged.
 
         :param backup_func: A function called for each boolean with two
                             arguments: the name and the previous value
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 4977e1c7c496e36d56110bcdf040ab5c932d31a2..c01d8cf8b65b3d93ba204b3453f5c65d556723cf 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -366,6 +366,8 @@ class RedHatTaskNamespace(BaseTaskNamespace):
         updated_vars = {}
         failed_vars = {}
         for setting, state in required_settings.iteritems():
+            if state is None:
+                continue
             try:
                 (stdout, stderr, rc) = ipautil.run([paths.GETSEBOOL, setting])
                 original_state = stdout.split()[2]
-- 
2.1.0