From 449e333dbf4c803bb179e7d27f08666fd6e333af Mon Sep 17 00:00:00 2001

From: Petr Viktorin <pviktori@redhat.com>

Date: Tue, 18 Nov 2014 10:40:31 +0100

Subject: [PATCH] Do not restore SELinux settings that were not backed up

https://fedorahosted.org/freeipa/ticket/4678

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>

---

 ipaplatform/base/tasks.py   | 3 ++-

 ipaplatform/redhat/tasks.py | 2 ++

 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py

index a6684d7653d6de8202a489edb1f7a38f4b344bbc..ab2c50332bce9f6eb95e2cb76aa6f7904b542765 100644

--- a/ipaplatform/base/tasks.py

+++ b/ipaplatform/base/tasks.py

@@ -146,7 +146,8 @@ class BaseTaskNamespace(object):

         :param required_settings: A dictionary mapping the boolean names

                                   to desired_values.

-                                  The desired value can be 'on' or 'off'.

+                                  The desired value can be 'on' or 'off',

+                                  or None to leave the setting unchanged.

         :param backup_func: A function called for each boolean with two

                             arguments: the name and the previous value

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py

index 4977e1c7c496e36d56110bcdf040ab5c932d31a2..c01d8cf8b65b3d93ba204b3453f5c65d556723cf 100644

--- a/ipaplatform/redhat/tasks.py

+++ b/ipaplatform/redhat/tasks.py

@@ -366,6 +366,8 @@ class RedHatTaskNamespace(BaseTaskNamespace):

         updated_vars = {}

         failed_vars = {}

         for setting, state in required_settings.iteritems():

+            if state is None:

+                continue

             try:

                 (stdout, stderr, rc) = ipautil.run([paths.GETSEBOOL, setting])

                 original_state = stdout.split()[2]

-- 

2.1.0