Use selinux macros in post install scripts

2019-11-29 06:53:56 -05:00 · 2019-11-29 06:53:56 -05:00 · c36566c4ae
commit c36566c4ae
parent c10fcb7be3
1 changed files with 9 additions and 18 deletions
--- a/container-selinux.spec
+++ b/container-selinux.spec
@ -16,9 +16,6 @@
 # Format must contain '$x' somewhere to do anything useful
 %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
 # Relabel files
 %global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || :
 # Version of SELinux we were using
 %global selinux_policyver 3.13.1-220
@ -28,7 +25,7 @@ Name: container-selinux
 Epoch: 2
 %endif
 Version: 2.123.0
-Release: 0.1.dev.git%{shortcommit0}%{?dist}
+Release: 0.2.dev.git%{shortcommit0}%{?dist}
 License: GPLv2
 URL: %{git0}
 Summary: SELinux policies for container runtimes
@ -80,28 +77,19 @@ fi
 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
 %{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null
 %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
-%{_sbindir}/semodule -n -X 200 -s %{selinuxtype} -i $MODULES > /dev/null
+%selinux_modules_install -s %{selinuxtype} $MODULES
 if %{_sbindir}/selinuxenabled ; then
    %{_sbindir}/load_policy
    %relabel_files
    if [ $1 -eq 1 ]; then
      restorecon -R %{_sharedstatedir}/docker &> /dev/null || :
      restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
    fi
 fi
 . %{_sysconfdir}/selinux/config
 sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types 
 matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
 %postun
 if [ $1 -eq 0 ]; then
-%{_sbindir}/semodule -n -r %{modulenames} &> /dev/null || :
+   %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
 if %{_sbindir}/selinuxenabled ; then
 %{_sbindir}/load_policy
 %relabel_files
 fi
 fi
 %posttrans
 %selinux_relabel_post -s %{selinuxtype}
 #define license tag if not already defined
 %{!?_licensedir:%global license %doc}
@ -111,6 +99,9 @@ fi
 # Hooked up to autobuilder, please check with @lsm5 before updating
 %changelog
 * Fri Nov 29 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.123.0-0.2.dev.git661a904
 - Use selinux macros in post install scripts
 * Mon Nov 25 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.123.0-0.1.dev.git661a904
 - bump to 2.123.0
 - autobuilt 661a904