selinux: move relabeling to %post/%postun

- move %selinux_relabel_post to %post/%postun This ensures that the service is assigned the right label before it is started. - Add "%systemd_postun_with_restart" on first install and uninstall This is where the daemon binary changes label (policy is added/removed from the system). Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2021-04-12 19:52:06 +02:00 · 2021-04-12 19:52:06 +02:00 · 85fb1d6445
commit 85fb1d6445
parent aedca7c2ae
1 changed files with 9 additions and 3 deletions
--- a/mrtg.spec
+++ b/mrtg.spec
@ -172,14 +172,20 @@ fi

 %post selinux
 %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
+%selinux_relabel_post -s %{selinuxtype}
+
+if [ "$1" -le "1" ]; then # First install
+   # the service needs to be restarted for the custom label to be applied
+   %systemd_postun_with_restart mrtg.service
+fi

 %postun selinux
 if [ $1 -eq 0 ]; then
    %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
+    %selinux_relabel_post -s %{selinuxtype}
+    # the service needs to be restarted for the custom label to be removed
+    %systemd_postun_with_restart mrtg.service
 fi
-
-%posttrans selinux
-%selinux_relabel_post -s %{selinuxtype}
 %endif

 %files