From 299486dc8d10ab5d86eaaf8d00e0e3b8f6f1f6fa Mon Sep 17 00:00:00 2001 From: Michal Schorm Date: Fri, 15 Sep 2023 14:35:36 +0200 Subject: [PATCH] Don't ignore errors in SELinux scriptlets ... well, at leats on the SPECfile side. They are still being ignored in the macros themselves $ rpm -E %selinux_modules_install | | if [ -e /etc/selinux/config ]; then | . /etc/selinux/config | fi | _policytype= | if [ -z "${_policytype}" ]; then | _policytype="targeted" | fi | if [ "${SELINUXTYPE}" = "${_policytype}" ]; then | /usr/sbin/semodule -n -s ${_policytype} -X 200 -i || : | /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : | fi $ rpm -E %selinux_modules_uninstall | | if [ -e /etc/selinux/config ]; then | . /etc/selinux/config | fi | _policytype= | if [ -z "${_policytype}" ]; then | _policytype="targeted" | fi | if [ $1 -eq 0 ]; then | if [ "${SELINUXTYPE}" = "${_policytype}" ]; then | /usr/sbin/semodule -n -X 200 -s ${_policytype} -r &> /dev/null || : | /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : | fi | fi Defined here: https://src.fedoraproject.org/rpms/selinux-policy/blob/rawhide/f/rpm.macros#_48 The reason is described here: https://bugzilla.redhat.com/show_bug.cgi?id=1665643 TL;DR: The return values of any scriptlet in Fedora MUST be zero. No matter how the errors in the scriptlets are handled. For now, the "handled" means "ignored" in the case of SELinux scriplet macros. Related: RHEL-22815
---
 mysql-selinux.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/mysql-selinux.spec b/mysql-selinux.spec
index 676074d..f949764 100644
--- a/mysql-selinux.spec
+++ b/mysql-selinux.spec
@@ -42,15 +42,15 @@ install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages
 %selinux_relabel_pre -s %{selinuxtype}
 %post
-%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{modulename}.pp.bz2 || :
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{modulename}.pp.bz2
 %postun
 if [ $1 -eq 0 ]; then
- %selinux_modules_uninstall -s %{selinuxtype} %{modulename} || :
+ %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
 fi
 %posttrans
-%selinux_relabel_post -s %{selinuxtype} || :
+%selinux_relabel_post -s %{selinuxtype}
 %files
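Review bot: With `|| :` removed, `%post` and `%posttrans` now exit with whatever the last command of the macro expansion returns, and the commit message shows the trailing `|| :` only for `%selinux_modules_install` and `%selinux_modules_uninstall`. The expansion of `%selinux_relabel_post` is not shown, so it is worth confirming with `rpm -E %selinux_relabel_post` that it cannot end non-zero. Because the macros discard the semodule and load_policy status, a failed module install still leaves the package installed without its policy loaded, and the transaction output gives no sign of it. Consider recording that next to the scriptlets, for example `# Failures are swallowed inside the %%selinux_* macros (rhbz#1665643); check "semodule -l" after install`, written with `%%` so rpm does not expand the macro inside the comment.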