selinux: move relabeling to %post/%postun
- move %selinux_relabel_post to %post/%postun This ensures that the service is assigned the right label before it is started. - Add "%systemd_postun_with_restart" on first install and uninstall This is where the daemon binary changes label (policy is added/removed from the system). Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
This commit is contained in:
Vit Mojzis
parent
aedca7c2ae
commit
85fb1d6445
12
mrtg.spec
12
mrtg.spec
@ -172,14 +172,20 @@ fi
|
|||||||
|
|
||||||
%post selinux
|
%post selinux
|
||||||
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
|
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
|
||||||
|
%selinux_relabel_post -s %{selinuxtype}
|
||||||
|
|
||||||
|
if [ "$1" -le "1" ]; then # First install
|
||||||
|
# the service needs to be restarted for the custom label to be applied
|
||||||
|
%systemd_postun_with_restart mrtg.service
|
||||||
|
fi
|
||||||
|
|
||||||
%postun selinux
|
%postun selinux
|
||||||
if [ $1 -eq 0 ]; then
|
if [ $1 -eq 0 ]; then
|
||||||
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
|
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
|
||||||
fi
|
|
||||||
|
|
||||||
%posttrans selinux
|
|
||||||
%selinux_relabel_post -s %{selinuxtype}
|
%selinux_relabel_post -s %{selinuxtype}
|
||||||
|
# the service needs to be restarted for the custom label to be removed
|
||||||
|
%systemd_postun_with_restart mrtg.service
|
||||||
|
fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%files
|
%files
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user