[ovs-dev] [PATCH v2 5/5] rhel: selinux-policy to invoke proper label macros
Aaron Conole
aconole at redhat.com
Fri May 4 18:28:18 UTC 2018
The rpm doesn't invoke all of the required selinux helpers to enact labeling
or relabeling on all versions of Fedora/RHEL. According to:
https://fedoraproject.org/wiki/SELinux/IndependentPolicy
This commit switches to the selinux rpm macros, which ensure that
all of the labels defined in the .fc.in file are applied properly.
Acked-By: Timothy Redaelli <tredaelli at redhat.com>
Signed-off-by: Aaron Conole <aconole at redhat.com>
---
rhel/openvswitch-fedora.spec.in | 10 ++++++++--
rhel/openvswitch.spec.in | 10 ++++++++--
2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
index bf4526de2..e7d5d536d 100644
--- a/rhel/openvswitch-fedora.spec.in
+++ b/rhel/openvswitch-fedora.spec.in
@@ -339,6 +339,9 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/ovs-parse-backtrace \
%clean
rm -rf $RPM_BUILD_ROOT
+%pre selinux-policy
+%selinux_relabel_pre -s targeted
+
%preun
%if 0%{?systemd_preun:1}
%systemd_preun %{name}.service
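Review bot: The new `%pre selinux-policy` scriptlet calls `%selinux_relabel_pre` with no guard, and rpm leaves an undefined macro as literal text in the scriptlet. If the build host's selinux-policy macro file lacks it, the installed `%pre` would run `%selinux_relabel_pre -s targeted` as a shell command and fail, which aborts installation of the subpackage. The same applies to the `%pre` added in rhel/openvswitch.spec.in and to the install, uninstall and `%posttrans` macro calls in both files. The `%preun` section just below already uses `%if 0%{?systemd_preun:1}`; mirroring it here with `%if 0%{?selinux_relabel_pre:1}` would keep older build roots working, and the install and uninstall branches could fall back to the previous `semodule` calls in the `%else`. The subpackage preamble is outside this hunk, so confirm whether a BuildRequires there already guarantees the macros.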
@@ -449,7 +452,7 @@ fi
%endif
%post selinux-policy
-/usr/sbin/semodule -i %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp &> /dev/null || :
+%selinux_modules_install -s targeted %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
%postun
%if 0%{?systemd_postun:1}
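Review bot: The `-s targeted` literal in `%selinux_modules_install` here is repeated in every macro call this patch adds to both spec files, and nothing explains the resulting behaviour change. As far as I know these macros act only when SELINUXTYPE in /etc/selinux/config matches the `-s` value, whereas the removed `semodule -i` line loaded the module into whichever store was active. A host running another policy type would then silently get no openvswitch-custom module and no relabel. I would define the type once with `%global selinuxtype targeted`, pass `-s %{selinuxtype}` in each call, and add a comment such as `# module is only installed when the active policy type is %{selinuxtype}`.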
@@ -481,9 +484,12 @@ fi
%postun selinux-policy
if [ $1 -eq 0 ] ; then
- /usr/sbin/semodule -r openvswitch-custom &> /dev/null || :
+ %selinux_modules_uninstall -s targeted openvswitch-custom
fi
+%posttrans selinux-policy
+%selinux_relabel_post -s targeted
+
%files selinux-policy
%defattr(-,root,root)
%{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
diff --git a/rhel/openvswitch.spec.in b/rhel/openvswitch.spec.in
index 883d25607..9dca3873b 100644
--- a/rhel/openvswitch.spec.in
+++ b/rhel/openvswitch.spec.in
@@ -169,8 +169,11 @@ fi
/sbin/chkconfig --add openvswitch
/sbin/chkconfig openvswitch on
+%pre selinux-policy
+%selinux_relabel_pre -s targeted
+
%post selinux-policy
-/usr/sbin/semodule -i %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp &> /dev/null || :
+%selinux_modules_install -s targeted %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
%preun
if [ "$1" = "0" ]; then # $1 = 0 for uninstall
@@ -187,11 +190,14 @@ fi
%postun selinux-policy
if [ $1 -eq 0 ] ; then
- /usr/sbin/semodule -r openvswitch-custom &> /dev/null || :
+ %selinux_modules_uninstall -s targeted openvswitch-custom
fi
exit 0
+%posttrans selinux-policy
+%selinux_relabel_post -s targeted
+
%files
%defattr(-,root,root)
%dir /etc/openvswitch
--
2.14.3