IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

selinux: disable ipa_custodia when installing custom policy

Browse Source 
Since ipa_custodia got integrated into ipa policy package, the upstream policy
module needs to be disabled before ipa module installation (in order to be able
to make changes to the ipa_custodia policy definitions).
Upstream ipa module gets overridden automatically because of higher priority of
the custom module, but there is no mechanism to automatically disable
ipa_custodia.

Related: https://pagure.io/freeipa/issue/6891
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Vit Mojzis 2020-03-23 18:22:41 +01:00 committed by Alexander Bokovoy
parent 4a3b7baed7
commit 3aad16a75e
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
freeipa.spec.in
View File

@ -1037,11 +1037,13 @@ fi
%selinux_relabel_pre -s %{selinuxtype}
%post selinux
semodule -d ipa_custodia &> /dev/null || true;
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
semodule -e ipa_custodia &> /dev/null || true;
fi
%posttrans selinux