Use replace instead of add to set new default ipaSELinuxUserMapOrder

The add was in effect replacing whatever data was already there causing any custom order to be lost on each run of ipa-server-upgrade. https://pagure.io/freeipa/issue/6610 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-06-01 15:19:35 -04:00 · 2018-06-01 15:19:35 -04:00 · f976f6cfd8
commit f976f6cfd8
parent 2b3eb5c567
2 changed files with 32 additions and 1 deletions
--- a/install/updates/50-ipaconfig.update
+++ b/install/updates/50-ipaconfig.update
@ -1,5 +1,5 @@
 dn: cn=ipaConfig,cn=etc,$SUFFIX
-add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
+replace: ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023::ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
 add:ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
 add:ipaUserObjectClasses: ipasshuser
 remove:ipaConfigString:AllowLMhash
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@ -133,3 +133,34 @@ class TestIPACommand(IntegrationTest):

        tasks.ldappasswd_sysaccount_change(sysuser, original_passwd,
                                           new_passwd, master)
+
+    def test_change_selinuxusermaporder(self):
+        """
+        An update file meant to ensure a more sane default was
+        overriding any customization done to the order.
+        """
+        maporder = "unconfined_u:s0-s0:c0.c1023"
+
+        # set a new default
+        result = self.master.run_command(
+            ["ipa", "config-mod",
+             "--ipaselinuxusermaporder={}".format(maporder)],
+            raiseonerr=False
+        )
+        assert result.returncode == 0
+
+        # apply the update
+        result = self.master.run_command(
+            ["ipa-server-upgrade"],
+            raiseonerr=False
+        )
+        assert result.returncode == 0
+
+        # ensure result is the same
+        result = self.master.run_command(
+            ["ipa", "config-show"],
+            raiseonerr=False
+        )
+        assert result.returncode == 0
+        assert "SELinux user map order: {}".format(
+            maporder) in result.stdout_text