From 4bb6c144e3e391d8a506bbf1ddc57532794f3cb6 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 11 Jul 2024 22:32:41 +0200 Subject: [PATCH] Move %postInstall to %posttrans If policy update removes a module, %postInstall and therefore policy rebuild - `semodule -B -n ...` was run when old module is still installed, see https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#ordering It resulted to state when the old module is still built in the policy after update until another `semodule -B` is triggered. Moving %postInstall to %posttrans should solve this problem [skip changelog] Related: RHEL-54303 --- selinux-policy.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 48f44d7b..813ffc10 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -589,12 +589,12 @@ SELinux targeted policy package. %post targeted %checkConfigConsistency targeted -%postInstall $1 targeted exit 0 %posttrans targeted %checkConfigConsistency targeted %{_libexecdir}/selinux/varrun-convert.sh targeted +%postInstall $1 targeted %{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm %postun targeted @@ -795,12 +795,12 @@ SELinux MLS (Multi Level Security) policy package. %post mls %checkConfigConsistency mls -%postInstall $1 mls exit 0 %posttrans mls %checkConfigConsistency mls %{_libexecdir}/selinux/varrun-convert.sh mls +%postInstall $1 mls %{_sbindir}/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm %postun mls