From 85fb1d64450fb2f2168406a79877c3b97979ab70 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Mon, 12 Apr 2021 19:52:06 +0200
Subject: [PATCH] selinux: move relabeling to %post/%postun

- move %selinux_relabel_post to %post/%postun
This ensures that the service is assigned the right label before it is started.

- Add "%systemd_postun_with_restart" on first install and uninstall
This is where the daemon binary changes label (policy is added/removed
from the system).

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 mrtg.spec | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/mrtg.spec b/mrtg.spec
index 1fb2f6e..fa8bac3 100644
--- a/mrtg.spec
+++ b/mrtg.spec
@@ -172,14 +172,20 @@ fi
 
 %post selinux
 %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
+%selinux_relabel_post -s %{selinuxtype}
+
+if [ "$1" -le "1" ]; then # First install
+   # the service needs to be restarted for the custom label to be applied
+   %systemd_postun_with_restart mrtg.service
+fi
 
 %postun selinux
 if [ $1 -eq 0 ]; then
     %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
+    %selinux_relabel_post -s %{selinuxtype}
+    # the service needs to be restarted for the custom label to be removed
+    %systemd_postun_with_restart mrtg.service
 fi
-
-%posttrans selinux
-%selinux_relabel_post -s %{selinuxtype}
 %endif
 
 %files