From 21aade70f3e0af30696569a30fc6a16115219a08 Mon Sep 17 00:00:00 2001
From: Aaron Conole
Date: Fri, 1 Jun 2018 14:28:49 -0400
Subject: [PATCH] rhel: selinux-policy to invoke proper label macros

The rpm doesn't invoke all of the required selinux helpers to enact labeling or relabeling on all versions of Fedora/RHEL. According to: https://fedoraproject.org/wiki/SELinux/IndependentPolicy This commit switches to use the selinux rpm macros which will ensure that all of the labels defined in the .fc.in file are applied properly.

Acked-by: Ansis Atteka
Acked-by: Timothy Redaelli
Signed-off-by: Aaron Conole
---
 rhel/openvswitch-fedora.spec.in | 10 ++++++++--
 rhel/openvswitch.spec.in | 10 ++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
index f3a000ea1f6..2a4ef5dc76c 100644
--- a/rhel/openvswitch-fedora.spec.in
+++ b/rhel/openvswitch-fedora.spec.in
@@ -342,6 +342,9 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/ovs-parse-backtrace \
 %clean
 rm -rf $RPM_BUILD_ROOT
+%pre selinux-policy
+%selinux_relabel_pre -s targeted
+
 %preun
 %if 0%{?systemd_preun:1}
 %systemd_preun %{name}.service
@@ -452,7 +455,7 @@ fi
 %endif
 %post selinux-policy
-/usr/sbin/semodule -i %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp &> /dev/null || :
+%selinux_modules_install -s targeted %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
 %postun
 %if 0%{?systemd_postun:1}
@@ -484,9 +487,12 @@ fi
 %postun selinux-policy
 if [ $1 -eq 0 ] ; then
- /usr/sbin/semodule -r openvswitch-custom &> /dev/null || :
+ %selinux_modules_uninstall -s targeted openvswitch-custom
 fi
+%posttrans selinux-policy
+%selinux_relabel_post -s targeted
+
 %files selinux-policy
 %defattr(-,root,root)
 %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
diff --git a/rhel/openvswitch.spec.in b/rhel/openvswitch.spec.in
index eaf4605bcd3..084a4aae617 100644
--- a/rhel/openvswitch.spec.in
+++ b/rhel/openvswitch.spec.in
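Review bot: The new `%pre selinux-policy` scriptlet in rhel/openvswitch-fedora.spec.in calls `%selinux_relabel_pre` unguarded, so if the build host does not define the macro, rpm leaves the literal text in the scriptlet and it fails as a shell command at install time; a non-zero `%pre` makes rpm refuse to install the subpackage. The same applies to `%selinux_modules_install`, `%selinux_modules_uninstall` and `%selinux_relabel_post` in the later hunks of this file and in both hunks of rhel/openvswitch.spec.in, where the removed `semodule ... &> /dev/null || :` lines could not fail the transaction. The spec preambles are outside the hunks, so I cannot tell whether the selinux-policy subpackage already pulls in `selinux-policy-devel` at build time; if it does not, add `%{?selinux_requires}` to that subpackage, or guard the calls the way this file already guards `%systemd_preun` with `%if 0%{?systemd_preun:1}`.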
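Review bot: The `-s targeted` argument on `%selinux_modules_install` in the `%post selinux-policy` hunk of rhel/openvswitch-fedora.spec.in changes which hosts receive the module. The removed `semodule -i` loaded it into whatever policy store was active, while the macro (as I read Fedora's macros.selinux-policy, which is not part of this diff) acts only when the host's SELINUXTYPE is `targeted`. On a host running another policy type the package would then install without the openvswitch-custom module and without any message. If that is intended, record it above the scriptlet, e.g. `# module is installed only into the targeted policy store`; the same applies to the `%post selinux-policy` hunk in rhel/openvswitch.spec.in.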
@@ -170,8 +170,11 @@ fi
 /sbin/chkconfig --add openvswitch
 /sbin/chkconfig openvswitch on
+%pre selinux-policy
+%selinux_relabel_pre -s targeted
+
 %post selinux-policy
-/usr/sbin/semodule -i %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp &> /dev/null || :
+%selinux_modules_install -s targeted %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
 %preun
 if [ "$1" = "0" ]; then # $1 = 0 for uninstall
@@ -188,11 +191,14 @@ fi
 %postun selinux-policy
 if [ $1 -eq 0 ] ; then
- /usr/sbin/semodule -r openvswitch-custom &> /dev/null || :
+ %selinux_modules_uninstall -s targeted openvswitch-custom
 fi
 exit 0
+%posttrans selinux-policy
+%selinux_relabel_post -s targeted
+
 %files
 %defattr(-,root,root)
 %dir /etc/openvswitch