Don't ignore errors in SELinux scriptlets

... well, at leats on the SPECfile side. They are still being ignored in the macros themselves

$ rpm -E %selinux_modules_install
|
| if [ -e /etc/selinux/config ]; then
|   . /etc/selinux/config
| fi
| _policytype=
| if [ -z "${_policytype}" ]; then
|   _policytype="targeted"
| fi
| if [ "${SELINUXTYPE}" = "${_policytype}" ]; then
|   /usr/sbin/semodule -n -s ${_policytype} -X 200 -i  || :
|   /usr/sbin/selinuxenabled && /usr/sbin/load_policy || :
| fi

$ rpm -E %selinux_modules_uninstall
|
| if [ -e /etc/selinux/config ]; then
|   . /etc/selinux/config
| fi
| _policytype=
| if [ -z "${_policytype}" ]; then
|   _policytype="targeted"
| fi
| if [ $1 -eq 0 ]; then
|   if [ "${SELINUXTYPE}" = "${_policytype}" ]; then
|     /usr/sbin/semodule -n -X 200 -s ${_policytype} -r  &> /dev/null || :
|     /usr/sbin/selinuxenabled && /usr/sbin/load_policy || :
|   fi
| fi

Defined here:
https://src.fedoraproject.org/rpms/selinux-policy/blob/rawhide/f/rpm.macros#_48

The reason is described here: https://bugzilla.redhat.com/show_bug.cgi?id=1665643
TL;DR: The return values of any scriptlet in Fedora MUST be zero.
No matter how the errors in the scriptlets are handled.
For now, the "handled" means "ignored" in the case of SELinux scriplet macros.

Related: RHEL-22815

mysql-selinux.spec

@@ -42,15 +42,15 @@ install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages
 %selinux_relabel_pre -s %{selinuxtype}
 
 %post
-%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{modulename}.pp.bz2 || :
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{modulename}.pp.bz2
 
 %postun
 if [ $1 -eq 0 ]; then
-    %selinux_modules_uninstall -s %{selinuxtype} %{modulename} || :
+    %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
 fi
 
 %posttrans
-%selinux_relabel_post -s %{selinuxtype} || :
+%selinux_relabel_post -s %{selinuxtype}
 
 
 %files