From 463e5e73a27bb31e3549c9204efe20555b7cb8dd Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 1 Jun 2018 15:19:35 -0400 Subject: [PATCH] Use replace instead of add to set new default ipaSELinuxUserMapOrder The add was in effect replacing whatever data was already there causing any custom order to be lost on each run of ipa-server-upgrade. https://pagure.io/freeipa/issue/6610 Signed-off-by: Rob Crittenden Reviewed-By: Florence Blanc-Renaud Reviewed-By: Florence Blanc-Renaud --- install/updates/50-ipaconfig.update | 2 +- ipatests/test_integration/test_commands.py | 48 ++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 ipatests/test_integration/test_commands.py diff --git a/install/updates/50-ipaconfig.update b/install/updates/50-ipaconfig.update index 23d2919dbd976c34d9217fc31cca88a0df6c7f5b..18501cb7b8a87377a76bc53b7fe3c469c23e2d41 100644 --- a/install/updates/50-ipaconfig.update +++ b/install/updates/50-ipaconfig.update @@ -1,5 +1,5 @@ dn: cn=ipaConfig,cn=etc,$SUFFIX -add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023 +replace: ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023::ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023 add:ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023 add:ipaUserObjectClasses: ipasshuser remove:ipaConfigString:AllowLMhash diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py new file mode 100644 index 0000000000000000000000000000000000000000..b2c0d5c710c9810cfd74216983f793808f4cf3c4 --- /dev/null +++ b/ipatests/test_integration/test_commands.py @@ -0,0 +1,48 @@ +# +# Copyright (C) 2018 FreeIPA Contributors see COPYING for license +# +"""Misc test for 'ipa' CLI regressions +""" +from __future__ import absolute_import + +from ipatests.test_integration.base import IntegrationTest + + +class TestIPACommand(IntegrationTest): + """ + A lot of commands can be executed against a single IPA installation + so provide a generic class to execute one-off commands that need to be + tested without having to fire up a full server to run one command. + """ + topology = 'line' + + def test_change_selinuxusermaporder(self): + """ + An update file meant to ensure a more sane default was + overriding any customization done to the order. + """ + maporder = "unconfined_u:s0-s0:c0.c1023" + + # set a new default + result = self.master.run_command( + ["ipa", "config-mod", + "--ipaselinuxusermaporder={}".format(maporder)], + raiseonerr=False + ) + assert result.returncode == 0 + + # apply the update + result = self.master.run_command( + ["ipa-server-upgrade"], + raiseonerr=False + ) + assert result.returncode == 0 + + # ensure result is the same + result = self.master.run_command( + ["ipa", "config-show"], + raiseonerr=False + ) + assert result.returncode == 0 + assert "SELinux user map order: {}".format( + maporder) in result.stdout_text -- 2.14.4