rhel: selinux-policy to invoke proper label macros
The rpm doesn't invoke all of the required selinux helpers to enact labeling
or relabeling on all versions of Fedora/RHEL.  According to:
  https://fedoraproject.org/wiki/SELinux/IndependentPolicy

This commit switches to use the selinux rpm macros which will ensure that
all of the labels defined in the .fc.in file are applied properly.

Acked-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
apconole authored and Ansis Atteka committed Jun 18, 2018
1 parent a0efb7c commit 21aade7
Showing 2 changed files with 16 additions and 4 deletions.
10 changes: 8 additions & 2 deletions rhel/openvswitch-fedora.spec.in
Expand Up @@ -342,6 +342,9 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/ovs-parse-backtrace \
%clean
rm -rf $RPM_BUILD_ROOT

%pre selinux-policy
%selinux_relabel_pre -s targeted

%preun
%if 0%{?systemd_preun:1}
%systemd_preun %{name}.service
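
Review bot: `%selinux_relabel_pre` in the new `%pre selinux-policy` section only expands if the SELinux rpm macros are available when the package is built, and the 8 lines added to this file are all scriptlet lines, with no BuildRequires or scriptlet Requires among them. When a macro is undefined, rpmbuild leaves the literal `%selinux_relabel_pre -s targeted` in the scriptlet, and it then fails as a shell command at install time. Please confirm the spec already depends on the package that ships these macros, checking against the IndependentPolicy page cited in the commit message, or add the dependency in this commit.
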
Expand Down Expand Up @@ -452,7 +455,7 @@ fi
%endif

%post selinux-policy
/usr/sbin/semodule -i %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp &> /dev/null || :
%selinux_modules_install -s targeted %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp

%postun
%if 0%{?systemd_postun:1}
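
Review bot: The policy type is hard-coded as `-s targeted` in `%post selinux-policy`, and the same literal is repeated in the `%pre`, `%postun` and `%posttrans` scriptlets this commit touches. Define it once as a spec macro (for example `%global selinuxtype targeted`) and pass `-s %{selinuxtype}` everywhere, so the four scriptlets cannot drift apart if another policy type is ever packaged.
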
Expand Down Expand Up @@ -484,9 +487,12 @@ fi

%postun selinux-policy
if [ $1 -eq 0 ] ; then
/usr/sbin/semodule -r openvswitch-custom &> /dev/null || :
%selinux_modules_uninstall -s targeted openvswitch-custom
fi

%posttrans selinux-policy
%selinux_relabel_post -s targeted

%files selinux-policy
%defattr(-,root,root)
%{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
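
Review bot: In `%postun selinux-policy` the `$1 -eq 0` branch removes the module but nothing relabels afterwards, because `%selinux_relabel_post` is only called from the new `%posttrans selinux-policy` section. Please check whether `%posttrans` runs for the erase case on the rpm versions this spec targets. If it does not, files keep the labels from the removed module until the next relabel, and `%selinux_relabel_post -s targeted` should also be called inside the `if`, after `%selinux_modules_uninstall`.
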
10 changes: 8 additions & 2 deletions rhel/openvswitch.spec.in
Expand Up @@ -170,8 +170,11 @@ fi
/sbin/chkconfig --add openvswitch
/sbin/chkconfig openvswitch on

%pre selinux-policy
%selinux_relabel_pre -s targeted

%post selinux-policy
/usr/sbin/semodule -i %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp &> /dev/null || :
%selinux_modules_install -s targeted %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp

%preun
if [ "$1" = "0" ]; then # $1 = 0 for uninstall
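
Review bot: The `%pre selinux-policy` and `%post selinux-policy` sections call `%selinux_relabel_pre` and `%selinux_modules_install` unconditionally, yet the `/sbin/chkconfig` lines in the surrounding context show that this spec serves SysV-init releases, where those macros may not be shipped. The Fedora spec already guards optional macros with `%if 0%{?systemd_preun:1}`. Either apply the same guard here and keep the direct `semodule -i` call as the fallback, or state in the spec which minimum release provides the macros.
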
Expand All @@ -188,11 +191,14 @@ fi

%postun selinux-policy
if [ $1 -eq 0 ] ; then
/usr/sbin/semodule -r openvswitch-custom &> /dev/null || :
%selinux_modules_uninstall -s targeted openvswitch-custom
fi

exit 0

%posttrans selinux-policy
%selinux_relabel_post -s targeted

%files
%defattr(-,root,root)
%dir /etc/openvswitch
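
Review bot: The guard around `%selinux_modules_uninstall` in `%postun selinux-policy` tests `[ $1 -eq 0 ]` with `$1` unquoted, while `%preun` in this same file uses `[ "$1" = "0" ]`. Since this commit edits the body of that `if`, quote the argument there as well (`[ "$1" -eq 0 ]`) so that the test does not become a shell syntax error if `$1` is ever empty.
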